Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@strapi/admin

npm

Strapi Admin

View on github.com · View on npmjs.org

Security Advisories for @strapi/admin in npm

Low
19 days ago

Strapi: Password Reset Does Not Revoke Existing Refresh Sessions GSA_kwCzR0hTQS1odnAzLTI2d3gtZzJ3NM4ABW0n

npm @strapi/plugin-users-permissions, @strapi/admin
Potential
High
8 months ago

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration GSA_kwCzR0hTQS05MzI5LW14eHctcXdmOM4ABNf8

npm @strapi/core
Potential
Moderate
8 months ago

Strapi Password Hashing is Missing Maximum Password Length Validation GSA_kwCzR0hTQS0yY2p2LTZ3ZzktZjRmM84ABNf7

npm @strapi/core
Potential
High
8 months ago

Strapi Allows Unauthorized Access to Private Fields via parms.lookup GSA_kwCzR0hTQS00OTVqLWg0OTMtNDJxMs4ABNff

npm @strapi/core
Moderate
about 1 year ago

Strapi allows Server-Side Request Forgery in Webhook function GSA_kwCzR0hTQS12OHdqLWY1YzctcHZ4Zs4ABIaB

npm @strapi/admin
Potential
High
almost 2 years ago

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E

npm @strapi/plugin-users-permissions
Potential
Moderate
almost 2 years ago

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D

npm @strapi/plugin-upload
Potential
Low
almost 2 years ago

@strapi/plugin-content-manager leaks data via relations via the Admin Panel GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C

npm @strapi/plugin-content-manager
High
over 2 years ago

Strapi Improper Rate Limiting vulnerability GSA_kwCzR0hTQS0yNHEyLTU5aG0tcmg5cs4AA12t

npm @strapi/plugin-users-permissions, @strapi/admin
Potential
Moderate
over 2 years ago

Strapi's field level permissions not being respected in relationship title GSA_kwCzR0hTQS1tMjg0LTg1bWYtY2dyY84AA12s

npm @strapi/plugin-content-manager
Moderate
over 2 years ago

Strapi may leak sensitive user information, user reset password, tokens via content-manager views GSA_kwCzR0hTQS12OGdnLTRtcTItODhxNM4AA12r

npm @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Potential
Moderate
almost 3 years ago

Making all attributes on a content-type public without noticing it GSA_kwCzR0hTQS1jaG1yLXJnMmYtOWptZs4AA04b

npm @strapi/database, @strapi/utils, @strapi/strapi
Potential
Critical
about 3 years ago

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin GSA_kwCzR0hTQS0yaDg3LTRxMnctdjRoZs4AAy4o

npm @strapi/plugin-email, @strapi/plugin-users-permissions
Potential
High
about 3 years ago

Authentication Bypass in @strapi/plugin-users-permissions GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O

npm @strapi/plugin-users-permissions
Potential
High
over 4 years ago

Weak Password Recovery Mechanism for Forgotten Password in Strapi GSA_kwCzR0hTQS0zN2h4LTRtY3Etd2MzaM0WMQ

npm strapi
Potential
Critical
about 5 years ago

Authorization bypass in Strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy

npm strapi
Potential
Critical
over 6 years ago

Strapi allows unauthenticated attacker to reset admin password without valid reset token MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4YzItbWozOS1xNTk5

npm strapi

Filter by Severity

Moderate 6 High 6 Critical 3 Low 2