Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm strapi Security Advisories

High

GSA_kwCzR0hTQS00cGhnLWhwcW0tYzNqNM4AAvGG

Strapi mishandles hidden attributes within admin API responses
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1tY3FtLTZmZjQtNTNxeM4AArjX

Cross-site Scripting in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS02NXd2LTUyOHItbTg5Ms4AAlF4

Improper Input Validation in strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1mNmZtLXIyNnEtcDc0N84AAgbL

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: almost 2 years ago

High

GSA_kwCzR0hTQS12Z2o3LTg5NWotZ3ByNs4AAgbK

High

GSA_kwCzR0hTQS04NXZnLWdycjUtcHc0Ms3dNw

Insecure password handling vulnerability in Strapi
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS05cWdtLXc4N3EtaHg4Oc06zg

Unrestricted Upload of File with Dangerous Type in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS14cmpmLXBodnYtcjR2cs0vLg

Command injection in strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: about 2 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5dnYtNnE3cS13NWNm

OS Command Injection in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 2 years ago

High

GSA_kwCzR0hTQS0zN2h4LTRtY3Etd2MzaM0WMQ

Weak Password Recovery Mechanism for Forgotten Password in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 2 years ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy

Authorization bypass in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: almost 3 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwMnctcm14NC05bXc3

Command Injection in strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4YzItbWozOS1xNTk5

Strapi allows unauthenticated attacker to reset admin password without valid reset token
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: over 4 years ago

Statistics

Advisories: 18,139
Packages: 8,241
Repositories: 3
Ecosystems: 12

Filter by Severity

Moderate 7,815 High 6,287 Critical 2,787 Low 966

Filter by Ecosystem

maven 5,518 packagist 3,781 pypi 3,550 npm 3,530 go 1,878 nuget 1,390 rubygems 812 cargo 773 swift 31 hex 29 actions 16 pub 8

Filter by Package

parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 16 sequelize 16 ghost 14 tinymce 14 swagger-ui 14 next 13 joplin 13 strapi 13 ckeditor4 13 vm2 12 undici 12 handlebars 11 nodebb 11 angular 11 marked 11 @evershop/evershop 9 serve 9 tinymce/tinymce 9 TinyMCE 9 jquery-rails 9 org.webjars.npm:jquery 9 jquery 9 next-auth 9 npm 8 urijs 8 node-forge 8 jsrsasign 8 bootstrap 8 express-cart 8 systeminformation 8 @strapi/strapi 8 tar 8 matrix-js-sdk 8 jQuery 8 validator 8 editor.md 8 steal 8 url-parse 8 total.js 7 lodash 7 hermes-engine 7 jQuery.UI.Combined 7 sanitize-html 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 jquery-ui 7 matrix-react-sdk 7 matrix-appservice-irc 7 nocodb 7 hapi 7 shescape 7 snyk-broker 7 safe-eval 6 parse-url 6 aaptjs 6 rsshub 6 lodash-es 5 sweetalert2 5 public 5 keystone 5 total4 5 openpgp 5 yarn 5 xlsx 5 mongoose 5 ua-parser-js 5 @strapi/plugin-users-permissions 5 rendertron 5 vite 5 dojo 5 prismjs 5 uptime-kuma 5 qs 4 jsonwebtoken 4 ws 4 safer-eval 4 generator-jhipster 4 realms-shim 4 engine.io 4 simple-git 4 ejs 4 apollo-server-core 4 convert-svg-core 4 hummus 4 muhammara 4 auth0-lock 4 auth0-js 4 moment 4 vditor 4 vega 4 mermaid 4 @keystone-6/core 4 valine 4 katex 4 awsiotsdk 4 materialize-css 4 fastify 4 aws-iot-device-sdk-v2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 dompurify 4 follow-redirects 4 axios 4 apostrophe 4 remarkable 4 mongo-express 4 simple-markdown 4 meshcentral 4 glance 4 @backstage/plugin-scaffolder-backend 4 ecstatic 4 mysql2 4 tough-cookie 3 sails 3 jose-node-esm-runtime 3 highcharts 3 localhost-now 3 mixme 3 socket.io-file 3 slpjs 3 parsel 3 browserify-shim 3 fast-xml-parser 3 @uppy/companion 3 jose 3 nadesiko3 3 connect 3 froala-editor 3 raneto 3 convict 3 serialize-to-js 3 buttle 3 grunt 3 lodash.defaultsdeep 3 xmldom 3 keycloak-connect 3 @strapi/utils 3 nodemailer 3 @vrite/sdk 3 node-opcua 3 postcss 3 json-ptr 3 typeorm 3 @sveltejs/kit 3 socket.io-parser 3 ids-enterprise 3 @backstage/techdocs-common 3 @materializecss/materialize 3 mysql 3 jose-node-cjs-runtime 3 @ckeditor/ckeditor5-markdown-gfm 3 immer 3 n8n 3 jointjs 3 passport-wsfed-saml2 3 mathjs 3 node-ipc 3 jquery-validation 3 node-red-dashboard 3 apollo-server 3 slp-validate 3 @cubejs-backend/api-gateway 3 m-server 3 org.webjars.npm:xlsx 3 uap-core 3 http-live-simulator 3 jspdf 3 protobufjs 3 feathers-sequelize 3 dns-sync 3 object-path 3 loader-utils 3 js-yaml 3 bootstrap 3 dojox 3 blamer 3 simplehttpserver 3 fuxa-server 3 mxgraph 3 renovate 3 ftp-srv 3 stimulsoft-dashboards-js 3 @frangoteam/fuxa 3 yapi-vendor 3 node-fetch 3 xdLocalStorage 3 @apollo/server 3 json-pointer 3 bson 3 llhttp 3 wrangler 3 @sequelize/core 3 code-server 3 node-jose 3 locutus 3 codecov 3 subtext 3

Filter by Repository

https://github.com/strapi/strapi 8 https://github.com/kos0ng/CVEs 1