GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Moderate
CVE-2025-53092
was published
for
@strapi/core
(npm)
Oct 16, 2025
Strapi allows Server-Side Request Forgery in Webhook function
Moderate
CVE-2024-52588
was published
for
@strapi/admin
(npm)
May 27, 2025
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Moderate
CVE-2024-31217
was published
for
@strapi/plugin-upload
(npm)
Jun 12, 2024
Strapi's field level permissions not being respected in relationship title
Moderate
CVE-2023-37263
was published
for
@strapi/plugin-content-manager
(npm)
Sep 13, 2023
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Moderate
CVE-2023-36472
was published
for
@strapi/admin
(npm)
Sep 13, 2023
Making all attributes on a content-type public without noticing it
Moderate
CVE-2023-34093
was published
for
@strapi/database
(npm)
Jul 25, 2023
ProTip!
Advisories are also available from the
GraphQL API