Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
felixdkatt derrickmehaffy
Bassel17 christiancp100
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy innerdvations alexandrebodin
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling Moderate
CVE-2024-31217 was published for @strapi/plugin-upload (npm) Jun 12, 2024
CxDavidepaalte derrickmehaffy
Marc-Roig alexandrebodin
Strapi may leak sensitive user information, user reset password, tokens via content-manager views Moderate
CVE-2023-36472 was published for @strapi/admin (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
Strapi leaking sensitive user information by filtering on private fields High
CVE-2023-22894 was published for @strapi/strapi (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly Marc-Roig
Unauthorized Access to Private Fields in User Registration API High
CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023
dogusdeniz innerdvations
derrickmehaffy christiancp100
Making all attributes on a content-type public without noticing it Moderate
CVE-2023-34093 was published for @strapi/database (npm) Jul 25, 2023
nathan-pichon Marc-Roig
derrickmehaffy innerdvations Convly
Leaking sensitive user information still possible by filtering on private with prefix fields High
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Boegie19 derrickmehaffy
innerdvations Marc-Roig Bassel17
Authentication Bypass in @strapi/plugin-users-permissions High
GHSA-xv3q-jrmm-4fxv was published for @strapi/plugin-users-permissions (npm) Apr 18, 2023
derrickmehaffy Ccamm
Convly
ProTip! Advisories are also available from the GraphQL API