| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33326 | @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany | keystonejs | keystone | Medium | 4.3 | 2026-03-24 19:08:06 | Deep Dive |
| CVE-2025-46720 | Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields | keystonejs | keystone | Low | 3.1 | 2025-05-05 18:53:52 | Deep Dive |
| CVE-2023-40027 | Conditionally missing authorization in @keystone-6/core | keystonejs | keystone | Low | 3.7 | 2023-08-15 17:45:54 | Deep Dive |
| CVE-2023-34247 | @keystone-6/auth Open Redirect vulnerability | keystonejs | keystone | Medium | 6.1 | 2023-06-13 16:31:32 | Deep Dive |
| CVE-2022-39382 | NODE_ENV in Keystone defaults to development with esbuild | keystonejs | keystone | Critical | 9.8 | 2022-11-03 00:00:00 | Deep Dive |
| CVE-2022-39322 | @keystone-6/core vulnerable to field-level access-control bypass for multiselect field | keystonejs | keystone | Critical | 9.1 | 2022-10-25 00:00:00 | Deep Dive |
| CVE-2022-0087 | Cross-site Scripting (XSS) - Reflected in keystonejs/keystone | keystonejs | keystonejs/keystone | Medium | - | 2022-01-11 23:20:11 | Deep Dive |
| CVE-2021-32624 | Private Field data leak | keystonejs | keystone-5 | High | 7.5 | 2021-05-24 16:55:09 | Deep Dive |