A non-exhaustive list of public/released through vulnerability affiliation programs Vulnerabilities & CVEs discovered by VoidSec.

All releases are governed by our Vulnerability Disclosure Policy.

Severity: Medium

ghost v.<0.5.9 is affected by a Denial of Service (DoS) attack, via filesystem exhaustion. When updating a user avatar, the previous one is saved and not deleted. Also, the file size of the avatar is not limited.
(undisclosed - won't fix)