Skip to content

KeystoneJS

Developer Productivity

A developer‑focused headless CMS that generates a GraphQL API and admin UI from your schema definition

Track releases GitHub Website
TypeScript Latest 2026-03-19 · 2mo ago Security brief →

Features

  • Generates a powerful GraphQL API automatically from your data schema
  • Provides a beautiful, customizable management UI for content and data
  • Zero‑boilerplate setup with the `create-keystone-app` CLI

Recent releases

View all 1 releases →
2026-03-19 Security relevant
Security fixes
  • CVE-2026-33326 — {field}.isFilterable access control could be bypassed in `findMany` queries by passing a `cursor`, allowing existence confirmation of protected records.
Full changelog

The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

  • [core] Fix isFilterable bypass via cursor parameter in findMany query (#9790) @n0wsh

:rotating_light: Security Updates

We have identified and fixed 1 security vulnerability

  • CVE-2026-33326 - {field}.isFilterable access control could be bypassed in findMany queries by passing a cursor. This could be used to confirm the existence of records by protected field values.

:eyes: Review

See https://github.com/keystonejs/keystone/compare/2025-05-06...2026-03-19 to compare with our previous release.

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
9,877
Forks
1,261
Languages
TypeScript JavaScript HTML
Downloads/week
3,797 ↓3%
NPM Maintainers
4
Contributors
287
TypeScript
Types included ✓
View on GitHub View on npm Homepage Documentation

Install & Platforms

Install via
npm

Community & Support

Slack

Similar tools

UVDesk
Centrifugo
Claude Control
LiveCodes
appsmith

Beta — feedback welcome: [email protected]