Filters
Versions
3.0.0
4
4.0.0
4
3.0.0-alpha10.1
3
3.0.0-alpha10.2
3
3.0.0-alpha10.3
3
3.0.0-alpha11
3
3.0.0-alpha11.1
3
3.0.0-alpha11.2
3
3.0.0-alpha11.3
3
3.0.0-alpha12
3
3.0.0-alpha12.1
3
3.0.0-alpha12.1.3
3
3.0.0-alpha12.2
3
3.0.0-alpha12.3
3
3.0.0-alpha12.4
3
3.0.0-alpha12.5
3
3.0.0-alpha12.6
3
3.0.0-alpha12.7
3
3.0.0-alpha12.7.1
3
3.0.0-alpha13
3
3.0.0-alpha13.0.1
3
3.0.0-alpha13.1
3
3.0.0-alpha14
3
3.0.0-alpha14.1
3
3.0.0-alpha14.1.1
3
3.0.0-alpha14.2
3
3.0.0-alpha14.3
3
3.0.0-alpha14.4.0
3
3.0.0-alpha14.5
3
3.0.0-alpha15
3
3.0.0-alpha16
3
3.0.0-alpha17
3
3.0.0-alpha18
3
3.0.0-alpha19
3
3.0.0-alpha20
3
3.0.0-alpha21
3
3.0.0-alpha22
3
3.0.0-alpha23
3
3.0.0-alpha23.1
3
3.0.0-alpha24
3
3.0.0-alpha24.1
3
3.0.0-alpha25
3
3.0.0-alpha25.1
3
3.0.0-alpha25.2
3
3.0.0-alpha26
3
3.0.0-alpha26.1
3
3.0.0-alpha26.2
3
3.0.0-alpha4
3
3.0.0-alpha4.8
3
3.0.0-alpha5.3
3
3.0.0-alpha5.5
3
3.0.0-alpha6.3
3
3.0.0-alpha6.4
3
3.0.0-alpha6.7
3
3.0.0-alpha7.2
3
3.0.0-alpha7.3
3
3.0.0-alpha8
3
3.0.0-alpha8.3
3
3.0.0-alpha9
3
3.0.0-alpha9.1
3
3.0.0-alpha9.2
3
3.0.0-beta0
3
3.0.0-beta1
3
3.0.0-beta10
3
3.0.0-beta11
3
3.0.0-beta12
3
3.0.0-beta13
3
3.0.0-beta14
3
3.0.0-beta15
3
3.0.0-beta16
3
3.0.0-beta16.1
3
3.0.0-beta16.2
3
3.0.0-beta16.3
3
3.0.0-beta16.4
3
3.0.0-beta16.5
3
3.0.0-beta16.6
3
3.0.0-beta16.7
3
3.0.0-beta16.8
3
3.0.0-beta17
3
3.0.0-beta17.1
3
3.0.0-beta17.2
3
3.0.0-beta17.3
3
3.0.0-beta17.4
3
3.0.0-beta2
3
3.0.0-beta3
3
3.0.0-beta4
3
3.0.0-beta5
3
3.0.0-beta6
3
3.0.0-beta7
3
3.0.0-beta8
3
3.0.0-beta9
3
1.6.4
2
3.0.0-beta17.5
2
3.0.0-beta17.6
2
3.0.0-beta17.7
2
3.0.0-beta17.8
1
3.0.0-beta18
1
3.0.0-beta18.1
1
3.0.0-beta18.2
1
3.0.0-beta18.3
1
3.2.1
1
3.6.0
1
3.6.10
1
4.0.0-beta10
1
4.0.0-beta11
1
4.0.0-beta12
1
4.0.0-beta13
1
4.0.0-beta14
1
4.0.0-beta15
1
4.0.0-beta2
1
4.0.0-beta3
1
4.0.0-beta4
1
4.0.0-beta5
1
4.0.0-beta6
1
4.0.0-beta7
1
4.0.0-beta8
1
4.0.0-beta9
1
4.1.12
1
4.1.5
1
npm/@strapi/plugin-users-permissions@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
8.1
First published (updated )
npm/@strapi/plugin-upload@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
6.5
First published (updated )
npm/@strapi/plugin-content-manager@strapi/plugin-content-manager leaks data via relations via the Admin Panel
3.5
First published (updated )
npm/@strapi/strapiUnauthorized Access to Private Fields in User Registration API in strapi
7.6
First published (updated )
npm/@strapi/plugin-users-permissionsStrapi Improper Rate Limiting vulnerability
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
npm/@strapi/plugin-content-managerStrapi's field level permissions not being respected in relationship title
6.8
First published (updated )
Strapi StrapiStrapi may leak sensitive user information, user reset password, tokens via content-manager views
5.8
First published (updated )
npm/@strapi/utilsLeaking sensitive user information still possible by filtering on private with prefix fields
8.6
First published (updated )
npm/@strapi/databaseStrapi allows actors to make all attributes on a content-type public without noticing it
7.1
First published (updated )
Strapi StrapiStrapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the A…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi StrapiStrapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user de…
7.5
First published (updated )
Strapi StrapiStrapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploite…
10
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi StrapiAn authenticated user with access to the Strapi admin panel can view private and sensitive data, suc…
7.5
First published (updated )
Strapi StrapiAn authenticated user with access to the Strapi admin panel can view private and sensitive data, suc…
First published (updated )
Strapi StrapiStoring passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6…
7.5
First published (updated )
Strapi StrapiArbitrary Command Injection in strapi/strapi
7.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi StrapiIn Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering …
8.1
First published (updated )
npm/strapiadmin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?u…
9.8
First published (updated )
Strapi StrapiIn Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-buil…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Strapi StrapiA denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin co…
4.9
First published (updated )
Strapi Strapistrapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Au…
9.8
First published (updated )