pkg:npm/strapi

13 total CVEs: CRITICAL 3, HIGH 7, MEDIUM 3


All known vulnerabilities

  • CRITICAL 9.8 | CVE-2022-27263 | Unrestricted Upload of File with Dangerous Type in Strapi
    from 0, <= 4.1.5
  • CRITICAL 9.8 | CVE-2020-27664 | Authorization bypass in Strapi
    from 0, < 3.2.5
  • CRITICAL 9.8 | CVE-2019-18818 | Strapi allows unauthenticated attacker to reset admin password without valid reset token
    from 0, < 3.0.0-beta.17.5
  • HIGH 8.8 | CVE-2022-31367 | Strapi mishandles hidden attributes within admin API responses
    from 0, < 3.6.10
  • HIGH 8.8 | CVE-2022-30617 | Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
    >= 3.0.0, < 3.6.9
  • HIGH 8.1 | CVE-2021-28128 | Weak Password Recovery Mechanism for Forgotten Password in Strapi
    from 0, <= 3.6.0
  • HIGH 7.5 | CVE-2022-30618 | Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
    >= 3.0.0, < 3.6.9
  • HIGH 7.5 | CVE-2021-46440 | Insecure password handling vulnerability in Strapi
    from 0, < 3.6.9
  • HIGH 7.2 | CVE-2019-19609 | Command Injection in strapi
    from 0, < 3.0.0-beta.17.8
  • HIGH 7.2 | CVE-2019-19609 | Command Injection in strapi
    from 0, < 3.0.0-beta.17.8
  • MEDIUM 6.5 | CVE-2020-13961 | Improper Input Validation in strapi
    from 0, < 3.0.2
  • MEDIUM 6.1 | CVE-2022-0764 | Command injection in strapi
    from 0, < 4.1.0
  • MEDIUM 4.8 | CVE-2022-29894 | Cross-site Scripting in Strapi
    from 0, <= 3.6.10