GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
High
CVE-2025-53092
was published
for
@strapi/core
(npm)
Oct 16, 2025
Strapi Allows Unauthorized Access to Private Fields via parms.lookup
High
CVE-2024-56143
was published
for
@strapi/core
(npm)
Oct 16, 2025
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Moderate
CVE-2024-31217
was published
for
@strapi/plugin-upload
(npm)
Jun 12, 2024
Strapi Improper Rate Limiting vulnerability
High
CVE-2023-38507
was published
for
@strapi/admin
(npm)
Sep 13, 2023
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Moderate
CVE-2023-36472
was published
for
@strapi/admin
(npm)
Sep 13, 2023
ProTip!
Advisories are also available from the
GraphQL API