GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
Strapi's field level permissions not being respected in relationship title
Severity: Moderate. CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) on Sep 13, 2023.

@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Severity: Low. CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) on Jun 12, 2024.

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Severity: High. CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) on Jun 12, 2024.

@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Severity: Moderate. CVE-2024-31217 was published for @strapi/plugin-upload (npm) on Jun 12, 2024.

Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Severity: Moderate. CVE-2023-36472 was published for @strapi/admin (npm) on Sep 13, 2023.

Strapi Improper Rate Limiting vulnerability
Severity: High. CVE-2023-38507 was published for @strapi/admin (npm) on Sep 13, 2023.

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Severity: Critical. CVE-2023-22621 was published for @strapi/plugin-email (npm) on Apr 19, 2023.

Strapi leaking sensitive user information by filtering on private fields
Severity: High. CVE-2023-22894 was published for @strapi/strapi (npm) on Apr 19, 2023.

Unauthorized Access to Private Fields in User Registration API
Severity: High. CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) on Nov 3, 2023.

Making all attributes on a content-type public without noticing it
Severity: Moderate. CVE-2023-34093 was published for @strapi/database (npm) on Jul 25, 2023.

Leaking sensitive user information still possible by filtering on private with prefix fields
Severity: High. CVE-2023-34235 was published for @strapi/database (npm) on Jul 25, 2023.

Authentication Bypass in @strapi/plugin-users-permissions
Severity: High. GHSA-xv3q-jrmm-4fxv was published for @strapi/plugin-users-permissions (npm) on Apr 18, 2023.