strapi
67 known vulnerabilities · 3 critical · 12 high
Unrestricted Upload of File with Dangerous Type in Strapi
Strapi mishandles hidden attributes within admin API responses
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
Command Injection in strapi
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
Weak Password Recovery Mechanism for Forgotten Password in Strapi
Strapi allows unauthenticated attacker to reset admin password without valid reset token
Bypass of field access control in strapi-plugin-protected-populate
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Malicious code in strapi-provider-upload-aws-s3-auth (npm)
Strapi's field level permissions not being respected in relationship title
Malicious code in strapi-plugin-api (npm)
Malicious code in strapi-plugin-blurhash (npm)
Malicious code in strapi-plugin-nordica-tools (npm)
Malicious code in strapi-plugin-form (npm)
Malicious code in strapi-plugin-sitemap-gen (npm)
Malicious code in strapi-plugin-config (npm)
Malicious code in strapi-plugin-content-sync (npm)
Malicious code in strapi-plugin-workspace-plugin (npm)
Malicious code in strapi-plugin-cron (npm)
Malicious code in strapi-plugin-database (npm)
Malicious code in strapi-plugin-guardarian-ext (npm)
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Strapi leaking sensitive user information by filtering on private fields
Strapi does not verify the access or ID tokens issued during the OAuth flow
Malicious code in strapi-plugin-logger (npm)
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Malicious code in strapi-plugin-cms-tools (npm)
Malicious code in strapi-plugin-core (npm)
Malicious code in strapi-plugin-locale (npm)
Malicious code in strapi-plugin-monitor (npm)
Malicious code in strapi-plugin-hooks (npm)
Malicious code in strapi-plugin-advanced-uuid (npm)
Malicious code in strapi-plugin-health (npm)
Malicious code in strapi-plugin-health-check (npm)
Malicious code in strapi-plugin-hextest (npm)
Malicious code in strapi-plugin-nordica-api (npm)
Malicious code in strapi-plugin-nordica-cms (npm)
Malicious code in strapi-plugin-nordica-deep (npm)
Malicious code in strapi-plugin-nordica-lite (npm)
Malicious code in strapi-plugin-nordica-recon (npm)
Malicious code in strapi-plugin-nordica-stage (npm)
Malicious code in strapi-plugin-nordica-sync (npm)
Malicious code in strapi-plugin-nordica-vhost (npm)
Malicious code in strapi-plugin-notify (npm)
Malicious code in strapi-plugin-seed (npm)
Malicious code in strapi-plugin-server (npm)
Malicious code in strapi-plugin-cache (npm)
Strapi Password Hashing is Missing Maximum Password Length Validation
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Malicious code in strapi-plugin-sync (npm)
Malicious code in strapi-plugin-nordica (npm)
Malicious code in strapi-plugin-debug-tools (npm)
Malicious code in strapi-plugin-events (npm)
Malicious code in strapi-plugin-finseven (npm)