OsVault/npm/studiocms
npm

studiocms

8 known vulnerabilities · 0 critical · 0 high

CVE-2026-32638

StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens

Published Mar 16, 2026
CVE-2026-30945

StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service

Published Mar 11, 2026
CVE-2026-24134

StudioCMS has Authorization Bypass Through User-Controlled Key

Published Jan 27, 2026
CVE-2026-32103

StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation

Published Mar 12, 2026
CVE-2026-32106

StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

Published Mar 12, 2026
CVE-2026-30944

StudioCMS has Privilege Escalation via Insecure API Token Generation

Published Mar 10, 2026
CVE-2026-32104

StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

Published Mar 12, 2026
CVE-2026-32101

StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check

Published Mar 12, 2026
Check your entire dependency tree at onceRun dependency scan →