Potential security vulnerabilities can be reported directly us at security@ghost.org. The Ghost Security Team communicates privately and works in a secured, isolated repository for tracking, testing, and resolving security-related issues.
The full, up-to-date details of our security policy and procedure can always be found in our documentation:
https://ghost.org/docs/concepts/security/
Please refer to this before emailing us. Thanks for helping make Ghost safe for everyone 🙏.