npm
@strapi/plugin-users-permissions
7 known vulnerabilities · 0 critical · 5 high
GHSA-7mqx-wwh4-f9fw
Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
Published May 13, 2026
GHSA-hvp3-26wx-g2w4
Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
Published May 13, 2026
CVE-2023-22621HIGH
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Published Apr 19, 2023
CVE-2023-22893HIGH
Strapi does not verify the access or ID tokens issued during the OAuth flow
Published Apr 19, 2023
CVE-2024-34065HIGH
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Published Jun 12, 2024
CVE-2023-39345HIGH
Unauthorized Access to Private Fields in User Registration API
Published Nov 3, 2023
Check your entire dependency tree at onceRun dependency scan →