GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

15 advisories

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration High
CVE-2025-53092 was published for @strapi/core (npm) Oct 16, 2025
Credited to ghostvirus62, derrickmehaffy, alexandrebodin, and innerdvations
Strapi Allows Unauthorized Access to Private Fields via parms.lookup High
CVE-2024-56143 was published for @strapi/core (npm) Oct 16, 2025
Credited to Boegie19, alexandrebodin, and derrickmehaffy
Strapi allows Server-Side Request Forgery in Webhook function Moderate
CVE-2024-52588 was published for @strapi/admin (npm) May 27, 2025
Credited to khoiminhvo32 and derrickmehaffy
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Credited to Eventyret, iarce-qb, derrickmehaffy, Convly, innerdvations, and alexandrebodin
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling Moderate
CVE-2024-31217 was published for @strapi/plugin-upload (npm) Jun 12, 2024
Credited to CxDavidepaalte, derrickmehaffy, Marc-Roig, and alexandrebodin
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
Credited to felixdkatt, derrickmehaffy, Bassel17, and christiancp100
Unauthorized Access to Private Fields in User Registration API High
CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023
Credited to dogusdeniz, innerdvations, derrickmehaffy, and christiancp100
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
Credited to scgajge12, derrickmehaffy, innerdvations, and alexandrebodin
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Credited to Boegie19, derrickmehaffy, and alexandrebodin
Strapi may leak sensitive user information, user reset password, tokens via content-manager views Moderate
CVE-2023-36472 was published for @strapi/admin (npm) Sep 13, 2023
Credited to Boegie19, derrickmehaffy, and alexandrebodin
Leaking sensitive user information still possible by filtering on private with prefix fields High
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Credited to Boegie19, derrickmehaffy, innerdvations, Marc-Roig, and Bassel17
Making all attributes on a content-type public without noticing it Moderate
CVE-2023-34093 was published for @strapi/database (npm) Jul 25, 2023
Credited to nathan-pichon, Marc-Roig, derrickmehaffy, innerdvations, and Convly
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
Credited to derrickmehaffy, Ccamm, and Convly
Strapi leaking sensitive user information by filtering on private fields High
CVE-2023-22894 was published for @strapi/strapi (npm) Apr 19, 2023
Credited to derrickmehaffy, Ccamm, Convly, and Marc-Roig
Authentication Bypass in @strapi/plugin-users-permissions High
GHSA-xv3q-jrmm-4fxv was published for @strapi/plugin-users-permissions (npm) Apr 18, 2023
Credited to derrickmehaffy, Ccamm, and Convly