@keystone-6/core
This hub aggregates every CVE we track for @keystone-6/core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
2
Critical
0
High
0
In CISA KEV
Severity distribution
LOW2CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 4 most recently published vulnerabilities affecting @keystone-6/core.
- CVE-2025-46720Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields3.1
- CVE-2023-40027Conditionally missing authorization in @keystone-6/core3.7
- CVE-2022-39382NODE_ENV in Keystone defaults to development with esbuild9.8
- CVE-2022-39322@keystone-6/core vulnerable to field-level access-control bypass for multiselect field9.1
Product normalization is registry-driven with AI assist and human review. How it works