Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@strapi/strapi

npm · An open source headless CMS solution to create and manage your own API. It provides a powerful dashboard and features to make your life easier. Databases supported: MySQL, MariaDB, PostgreSQL, SQLite · Repository · Package

Security Advisories for @strapi/strapi in npm

High
over 1 year ago

Strapi Server-Side Request Forgery (SSRF) GSA_kwCzR0hTQS1wOWZmLWo5OHYtcDQzNc4AA9QL

npm @strapi/strapi
High
almost 2 years ago

Unauthorized Access to Private Fields in User Registration API GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o

npm @strapi/strapi, @strapi/plugin-users-permissions
Moderate
about 2 years ago

Making all attributes on a content-type public without noticing it GSA_kwCzR0hTQS1jaG1yLXJnMmYtOWptZs4AA04b

npm @strapi/database, @strapi/utils, @strapi/strapi
High
over 2 years ago

Strapi leaking sensitive user information by filtering on private fields GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n

npm @strapi/strapi
High
about 3 years ago

Strapi mishandles hidden attributes within admin API responses GSA_kwCzR0hTQS00cGhnLWhwcW0tYzNqNM4AAvGG

npm @strapi/strapi, strapi
Moderate
about 3 years ago

Strapi 4.1.12 Cross-site Scripting via crafted file GSA_kwCzR0hTQS00dm04LWo5NWYtajZ2Nc4AAtYF

npm @strapi/strapi
High
over 3 years ago

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi GSA_kwCzR0hTQS12Z2o3LTg5NWotZ3ByNs4AAgbK

npm @strapi/strapi, strapi
High
over 3 years ago

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi GSA_kwCzR0hTQS1mNmZtLXIyNnEtcDc0N84AAgbL

npm @strapi/strapi, strapi
High
over 3 years ago

Insecure password handling vulnerability in Strapi GSA_kwCzR0hTQS04NXZnLWdycjUtcHc0Ms3dNw

npm @strapi/strapi, strapi

Filter by Severity

High 7 Moderate 2