@strapi/strapi Security Advisories - Npm

@strapi/strapi

An open source headless CMS solution to create and manage your own API. It provides a powerful dashboard and features to make your life easier. Databases supported: MySQL, MariaDB, PostgreSQL, SQLite

View on github.com · View on npmjs.org

Security Advisories for @strapi/strapi in npm

Moderate

17 days ago

Strapi is vulnerable to Insufficient Session Expiration GSA_kwCzR0hTQS00cjh3LTNqd3ctbTJycM4ABNfK

npm @strapi/strapi

High

over 1 year ago

Strapi Server-Side Request Forgery (SSRF) GSA_kwCzR0hTQS1wOWZmLWo5OHYtcDQzNc4AA9QL

npm @strapi/strapi

High

almost 2 years ago

Unauthorized Access to Private Fields in User Registration API GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o

npm @strapi/strapi, @strapi/plugin-users-permissions

Moderate

over 2 years ago

Making all attributes on a content-type public without noticing it GSA_kwCzR0hTQS1jaG1yLXJnMmYtOWptZs4AA04b

npm @strapi/database, @strapi/utils, @strapi/strapi

High

over 2 years ago

Strapi leaking sensitive user information by filtering on private fields GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n

npm @strapi/strapi

High

about 3 years ago

Strapi mishandles hidden attributes within admin API responses GSA_kwCzR0hTQS00cGhnLWhwcW0tYzNqNM4AAvGG

npm @strapi/strapi, strapi

Moderate

over 3 years ago

Strapi 4.1.12 Cross-site Scripting via crafted file GSA_kwCzR0hTQS00dm04LWo5NWYtajZ2Nc4AAtYF

npm @strapi/strapi

High

over 3 years ago

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi GSA_kwCzR0hTQS1mNmZtLXIyNnEtcDc0N84AAgbL

npm @strapi/strapi, strapi

High

over 3 years ago

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi GSA_kwCzR0hTQS12Z2o3LTg5NWotZ3ByNs4AAgbK

npm @strapi/strapi, strapi

High

over 3 years ago

Insecure password handling vulnerability in Strapi GSA_kwCzR0hTQS04NXZnLWdycjUtcHc0Ms3dNw

npm @strapi/strapi, strapi

Filter by Severity

High 7 Moderate 3

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

@strapi/strapi

Strapi is vulnerable to Insufficient Session Expiration GSA_kwCzR0hTQS00cjh3LTNqd3ctbTJycM4ABNfK

Strapi Server-Side Request Forgery (SSRF) GSA_kwCzR0hTQS1wOWZmLWo5OHYtcDQzNc4AA9QL

Unauthorized Access to Private Fields in User Registration API GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o

Making all attributes on a content-type public without noticing it GSA_kwCzR0hTQS1jaG1yLXJnMmYtOWptZs4AA04b

Strapi leaking sensitive user information by filtering on private fields GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n

Strapi mishandles hidden attributes within admin API responses GSA_kwCzR0hTQS00cGhnLWhwcW0tYzNqNM4AAvGG

Strapi 4.1.12 Cross-site Scripting via crafted file GSA_kwCzR0hTQS00dm04LWo5NWYtajZ2Nc4AAtYF

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi GSA_kwCzR0hTQS1mNmZtLXIyNnEtcDc0N84AAgbL

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi GSA_kwCzR0hTQS12Z2o3LTg5NWotZ3ByNs4AAgbK

Insecure password handling vulnerability in Strapi GSA_kwCzR0hTQS04NXZnLWdycjUtcHc0Ms3dNw

Filter by Severity