Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@strapi/plugin-users-permissions

npm

Protect your API with a full-authentication process based on JWT

View on github.com · View on npmjs.org

Security Advisories for @strapi/plugin-users-permissions in npm

Low
19 days ago

Strapi: Password Reset Does Not Revoke Existing Refresh Sessions GSA_kwCzR0hTQS1odnAzLTI2d3gtZzJ3NM4ABW0n

npm @strapi/plugin-users-permissions, @strapi/admin
Moderate
19 days ago

Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying GSA_kwCzR0hTQS03bXF4LXd3aDQtZjlmd84ABW0l

npm @strapi/plugin-users-permissions
Potential
High
8 months ago

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration GSA_kwCzR0hTQS05MzI5LW14eHctcXdmOM4ABNf8

npm @strapi/core
Potential
Moderate
8 months ago

Strapi Password Hashing is Missing Maximum Password Length Validation GSA_kwCzR0hTQS0yY2p2LTZ3ZzktZjRmM84ABNf7

npm @strapi/core
Potential
High
8 months ago

Strapi Allows Unauthorized Access to Private Fields via parms.lookup GSA_kwCzR0hTQS00OTVqLWg0OTMtNDJxMs4ABNff

npm @strapi/core
Potential
Moderate
8 months ago

Strapi is vulnerable to Insufficient Session Expiration GSA_kwCzR0hTQS00cjh3LTNqd3ctbTJycM4ABNfK

npm @strapi/strapi
High
almost 2 years ago

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E

npm @strapi/plugin-users-permissions
High
over 2 years ago

Unauthorized Access to Private Fields in User Registration API GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o

npm @strapi/strapi, @strapi/plugin-users-permissions
High
over 2 years ago

Strapi Improper Rate Limiting vulnerability GSA_kwCzR0hTQS0yNHEyLTU5aG0tcmg5cs4AA12t

npm @strapi/plugin-users-permissions, @strapi/admin
Potential
Moderate
over 2 years ago

Strapi may leak sensitive user information, user reset password, tokens via content-manager views GSA_kwCzR0hTQS12OGdnLTRtcTItODhxNM4AA12r

npm @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Potential
Moderate
almost 3 years ago

Making all attributes on a content-type public without noticing it GSA_kwCzR0hTQS1jaG1yLXJnMmYtOWptZs4AA04b

npm @strapi/database, @strapi/utils, @strapi/strapi
Critical
about 3 years ago

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin GSA_kwCzR0hTQS0yaDg3LTRxMnctdjRoZs4AAy4o

npm @strapi/plugin-email, @strapi/plugin-users-permissions
Potential
High
about 3 years ago

Strapi leaking sensitive user information by filtering on private fields GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n

npm @strapi/strapi
Moderate
about 3 years ago

Strapi does not verify the access or ID tokens issued during the OAuth flow GSA_kwCzR0hTQS01ODN4LTIzaDktZjV3N84AAy3y

npm @strapi/plugin-users-permissions
High
about 3 years ago

Authentication Bypass in @strapi/plugin-users-permissions GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O

npm @strapi/plugin-users-permissions
Potential
Moderate
almost 4 years ago

Cross-site Scripting in Strapi GSA_kwCzR0hTQS1tY3FtLTZmZjQtNTNxeM4AArjX

npm strapi
Potential
Moderate
about 4 years ago

Improper Input Validation in strapi GSA_kwCzR0hTQS02NXd2LTUyOHItbTg5Ms4AAlF4

npm strapi
Potential
High
about 4 years ago

Insecure password handling vulnerability in Strapi GSA_kwCzR0hTQS04NXZnLWdycjUtcHc0Ms3dNw

npm @strapi/strapi, strapi
Potential
Moderate
over 4 years ago

Command injection in strapi GSA_kwCzR0hTQS14cmpmLXBodnYtcjR2cs0vLg

npm strapi
Potential
Moderate
over 4 years ago

Uncontrolled Resource Consumption in strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzZnAtZm1ydi1mNXB4

npm strapi-admin
Potential
Moderate
over 5 years ago

Cross-site Scripting in Strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cDUtbW03di00ZjM2

npm strapi-plugin-content-manager
Potential
High
over 5 years ago

Improper Authorization in Strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwNTUteGozNy1meDdn

npm strapi-plugin-content-type-builder
Potential
Critical
over 6 years ago

Strapi allows unauthenticated attacker to reset admin password without valid reset token MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4YzItbWozOS1xNTk5

npm strapi

Filter by Severity

Moderate 11 High 9 Critical 2 Low 1