ghost is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly validate the public API endpoints when filtering, which allows an attacker to reveal private fields such as the author name via a brute-force attack.