pkg:npm/@strapi/strapi

All known vulnerabilities

• HIGH8.8CVE-2022-31367Strapi mishandles hidden attributes within admin API responses
  >= 4.0.0-next.0, < 4.1.10
• HIGH8.8CVE-2022-30617Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
  from 0, < 4.0.0-beta.15
• HIGH8.6CVE-2024-37818Strapi Server-Side Request Forgery (SSRF)
• HIGH7.6CVE-2023-39345Unauthorized Access to Private Fields in User Registration API
  >= 4.0.0, < 4.13.1
• HIGH7.5CVE-2023-22894Strapi leaking sensitive user information by filtering on private fields
  >= 3.2.1, < 4.8.0
• HIGH7.5CVE-2022-30618Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
  from 0, < 4.1.9
• HIGH7.5CVE-2021-46440Insecure password handling vulnerability in Strapi
  >= 4.0.0, < 4.1.5
• MEDIUM4.8CVE-2023-34093Making all attributes on a content-type public without noticing it
  from 0, < 4.10.8
• MEDIUM4.6CVE-2022-32114Strapi 4.1.12 Cross-site Scripting via crafted file
  from 0, <= 4.1.12
• —CVE-2026-27886Strapi may leak sensitive data via relational filtering due to lack of query sanitization
  >= 4.0.0, < 5.37.0
• —CVE-2025-3930Strapi is vulnerable to Insufficient Session Expiration
  from 0, < 5.24.1