Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@strapi/utils

npm

Shared utilities for the Strapi packages

View on github.com · View on npmjs.org

Security Advisories for @strapi/utils in npm

Potential
High
8 months ago

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration GSA_kwCzR0hTQS05MzI5LW14eHctcXdmOM4ABNf8

npm @strapi/core
Potential
Moderate
8 months ago

Strapi Password Hashing is Missing Maximum Password Length Validation GSA_kwCzR0hTQS0yY2p2LTZ3ZzktZjRmM84ABNf7

npm @strapi/core
Potential
High
8 months ago

Strapi Allows Unauthorized Access to Private Fields via parms.lookup GSA_kwCzR0hTQS00OTVqLWg0OTMtNDJxMs4ABNff

npm @strapi/core
Potential
Moderate
8 months ago

Strapi is vulnerable to Insufficient Session Expiration GSA_kwCzR0hTQS00cjh3LTNqd3ctbTJycM4ABNfK

npm @strapi/strapi
Potential
Moderate
about 1 year ago

Strapi allows Server-Side Request Forgery in Webhook function GSA_kwCzR0hTQS12OHdqLWY1YzctcHZ4Zs4ABIaB

npm @strapi/admin
Potential
High
over 2 years ago

Unauthorized Access to Private Fields in User Registration API GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o

npm @strapi/strapi, @strapi/plugin-users-permissions
Potential
High
almost 3 years ago

Strapi Improper Rate Limiting vulnerability GSA_kwCzR0hTQS0yNHEyLTU5aG0tcmg5cs4AA12t

npm @strapi/plugin-users-permissions, @strapi/admin
Potential
Moderate
almost 3 years ago

Strapi's field level permissions not being respected in relationship title GSA_kwCzR0hTQS1tMjg0LTg1bWYtY2dyY84AA12s

npm @strapi/plugin-content-manager
Moderate
almost 3 years ago

Strapi may leak sensitive user information, user reset password, tokens via content-manager views GSA_kwCzR0hTQS12OGdnLTRtcTItODhxNM4AA12r

npm @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
High
almost 3 years ago

Leaking sensitive user information still possible by filtering on private with prefix fields GSA_kwCzR0hTQS05eGc0LTNxZm0tOXc4Zs4AA04c

npm @strapi/utils, @strapi/database
Moderate
almost 3 years ago

Making all attributes on a content-type public without noticing it GSA_kwCzR0hTQS1jaG1yLXJnMmYtOWptZs4AA04b

npm @strapi/database, @strapi/utils, @strapi/strapi
Potential
Critical
about 3 years ago

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin GSA_kwCzR0hTQS0yaDg3LTRxMnctdjRoZs4AAy4o

npm @strapi/plugin-email, @strapi/plugin-users-permissions
Potential
High
about 3 years ago

Strapi leaking sensitive user information by filtering on private fields GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n

npm @strapi/strapi
Potential
Moderate
about 3 years ago

Strapi does not verify the access or ID tokens issued during the OAuth flow GSA_kwCzR0hTQS01ODN4LTIzaDktZjV3N84AAy3y

npm @strapi/plugin-users-permissions
Potential
Moderate
about 4 years ago

Cross-site Scripting in Strapi GSA_kwCzR0hTQS1tY3FtLTZmZjQtNTNxeM4AArjX

npm strapi
Potential
Moderate
about 4 years ago

Improper Input Validation in strapi GSA_kwCzR0hTQS02NXd2LTUyOHItbTg5Ms4AAlF4

npm strapi
Potential
High
about 4 years ago

Insecure password handling vulnerability in Strapi GSA_kwCzR0hTQS04NXZnLWdycjUtcHc0Ms3dNw

npm @strapi/strapi, strapi
Potential
Moderate
over 4 years ago

Command injection in strapi GSA_kwCzR0hTQS14cmpmLXBodnYtcjR2cs0vLg

npm strapi
Potential
Critical
about 5 years ago

Authorization bypass in Strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy

npm strapi
Potential
Moderate
over 5 years ago

Cross-site Scripting in Strapi MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cDUtbW03di00ZjM2

npm strapi-plugin-content-manager

Filter by Severity

Moderate 11 High 7 Critical 2