Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@strapi/core

npm

Core of Strapi

View on github.com · View on npmjs.org

Security Advisories for @strapi/core in npm

High
8 months ago

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration GSA_kwCzR0hTQS05MzI5LW14eHctcXdmOM4ABNf8

npm @strapi/core
Moderate
8 months ago

Strapi Password Hashing is Missing Maximum Password Length Validation GSA_kwCzR0hTQS0yY2p2LTZ3ZzktZjRmM84ABNf7

npm @strapi/core
High
8 months ago

Strapi Allows Unauthorized Access to Private Fields via parms.lookup GSA_kwCzR0hTQS00OTVqLWg0OTMtNDJxMs4ABNff

npm @strapi/core
Potential
Moderate
about 1 year ago

Strapi allows Server-Side Request Forgery in Webhook function GSA_kwCzR0hTQS12OHdqLWY1YzctcHZ4Zs4ABIaB

npm @strapi/admin
Potential
High
almost 2 years ago

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E

npm @strapi/plugin-users-permissions
Potential
Moderate
almost 2 years ago

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D

npm @strapi/plugin-upload
Potential
Low
almost 2 years ago

@strapi/plugin-content-manager leaks data via relations via the Admin Panel GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C

npm @strapi/plugin-content-manager
Potential
High
over 2 years ago

Strapi Improper Rate Limiting vulnerability GSA_kwCzR0hTQS0yNHEyLTU5aG0tcmg5cs4AA12t

npm @strapi/plugin-users-permissions, @strapi/admin
Potential
Moderate
over 2 years ago

Strapi's field level permissions not being respected in relationship title GSA_kwCzR0hTQS1tMjg0LTg1bWYtY2dyY84AA12s

npm @strapi/plugin-content-manager
Potential
High
almost 3 years ago

Leaking sensitive user information still possible by filtering on private with prefix fields GSA_kwCzR0hTQS05eGc0LTNxZm0tOXc4Zs4AA04c

npm @strapi/utils, @strapi/database
Potential
High
about 3 years ago

Strapi leaking sensitive user information by filtering on private fields GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n

npm @strapi/strapi
Potential
Moderate
about 3 years ago

Strapi does not verify the access or ID tokens issued during the OAuth flow GSA_kwCzR0hTQS01ODN4LTIzaDktZjV3N84AAy3y

npm @strapi/plugin-users-permissions
Potential
High
about 3 years ago

Authentication Bypass in @strapi/plugin-users-permissions GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O

npm @strapi/plugin-users-permissions
Potential
High
over 4 years ago

Weak Password Recovery Mechanism for Forgotten Password in Strapi GSA_kwCzR0hTQS0zN2h4LTRtY3Etd2MzaM0WMQ

npm strapi
Potential
Critical
about 5 years ago

Authorization bypass in Strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy

npm strapi
Potential
Moderate
over 5 years ago

Cross-site Scripting in Strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cDUtbW03di00ZjM2

npm strapi-plugin-content-manager
Potential
High
over 5 years ago

Improper Authorization in Strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwNTUteGozNy1meDdn

npm strapi-plugin-content-type-builder

Filter by Severity

High 9 Moderate 6 Low 1 Critical 1