pkg:npm/@keystone-6/core

All known vulnerabilities

• CRITICAL9.8CVE-2022-39382@keystone-6/core's NODE_ENV defaults to development with esbuild
  >= 3.0.0, < 3.0.2
• CRITICAL9.1CVE-2022-39322Field-level access-control bypass for multiselect field
  >= 2.2.0, < 2.3.1
• MEDIUM5.3CVE-2023-40027When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
  from 0, < 5.5.1
• MEDIUM4.3@keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix)
  from 0, < 6.5.2
• LOW3.1Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
  from 0, < 6.5.0