| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-53092 | Strapi core vulnerable to sensitive data exposure via CORS misconfiguration | strapi | strapi | Medium | 6.5 | 2025-10-16 16:29:35 | Deep Dive |
| CVE-2025-25298 | Missing Maximum Password Length Validation in Strapi Password Hashing | strapi | strapi | - | - | 2025-10-16 16:21:46 | Deep Dive |
| CVE-2024-56143 | Strapi Allows Unauthorized Access to Private Fields via parms.lookup | strapi | strapi | High | 8.2 | 2025-10-16 16:07:31 | Deep Dive |
| CVE-2025-3930 | Lack of JWT Expiration after Log Out in Strapi | Strapi | Strapi | - | - | 2025-10-16 10:43:21 | Deep Dive |
| CVE-2024-52588 | Strapi allows Server-Side Request Forgery in Webhook function | strapi | strapi | Medium | 4.9 | 2025-05-29 09:02:15 | Deep Dive |
| CVE-2024-34065 | @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass | strapi | strapi | High | 7.1 | 2024-06-12 14:54:46 | Deep Dive |
| CVE-2024-31217 | @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling | strapi | strapi | Medium | 5.3 | 2024-06-12 14:50:38 | Deep Dive |
| CVE-2024-29181 | @strapi/plugin-content-manager leaks data via relations via the Admin Panel | strapi | strapi | Low | 2.3 | 2024-06-12 14:46:05 | Deep Dive |
| CVE-2023-48218 | Strapi Protected Populate Plugin leaking fields if the request fields where empty or only fields selected where not populatable | strapi-community | strapi-plugin-protected-populate | Medium | 5.3 | 2023-11-20 17:09:49 | Deep Dive |
| CVE-2023-39345 | Unauthorized Access to Private Fields in User Registration API in strapi | strapi | strapi | High | 7.6 | 2023-11-06 18:26:20 | Deep Dive |
| CVE-2023-38507 | Strapi Improper Rate Limiting vulnerability | strapi | strapi | High | 7.3 | 2023-09-15 19:15:06 | Deep Dive |
| CVE-2023-37263 | Strapi's field level permissions not being respected in relationship title | strapi | strapi | Medium | 6.8 | 2023-09-15 18:57:10 | Deep Dive |
| CVE-2023-36472 | Strapi may leak sensitive user information, user reset password, tokens via content-manager views | strapi | strapi | Medium | 5.8 | 2023-09-15 18:54:34 | Deep Dive |
| CVE-2023-34235 | Leaking sensitive user information still possible by filtering on private with prefix fields | strapi | strapi | High | 8.6 | 2023-07-25 17:24:20 | Deep Dive |
| CVE-2023-34093 | Strapi allows actors to make all attributes on a content-type public without noticing it | strapi | strapi | Medium | 4.8 | 2023-07-25 14:54:42 | Deep Dive |
| CVE-2022-29894 | Strapi cross-site scripting vulnerability | Strapi | Strapi | Medium | - | 2022-06-13 04:50:35 | Deep Dive |
| CVE-2022-30618 | Strapi security vulnerability | Strapi | Strapi | High | - | 2022-05-19 17:08:47 | Deep Dive |
| CVE-2022-30617 | Strapi security vulnerability | Strapi | Strapi | High | - | 2022-05-19 17:07:36 | Deep Dive |
| CVE-2022-0764 | Arbitrary Command Injection in strapi/strapi | strapi | strapi/strapi | Medium | - | 2022-02-26 14:55:09 | Deep Dive |
| CVE-2020-8123 | strapi resource management error vulnerability | - | Strapi | Medium | - | 2020-02-04 19:08:57 | Deep Dive |