Strapi — Vulnerabilities & Security Advisories (18)

All 18 CVE vulnerabilities found in Strapi, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-53092 | Strapi core vulnerable to sensitive data exposure via CORS misconfiguration | CWE-200 | 6.5 | Medium | 2025-10-16 |
| CVE-2025-25298 | Missing Maximum Password Length Validation in Strapi Password Hashing | CWE-261 | 8.2 (AI) | High (AI) | 2025-10-16 |
| CVE-2024-56143 | Strapi Allows Unauthorized Access to Private Fields via parms.lookup | CWE-639 | 8.2 | High | 2025-10-16 |
| CVE-2025-3930 | Lack of JWT Expiration after Log Out in Strapi | CWE-613 | 9.1 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2024-52588 | Strapi allows Server-Side Request Forgery in Webhook function | CWE-918 | 4.9 | Medium | 2025-05-29 |
| CVE-2024-34065 | @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass | CWE-294 | 7.1 | High | 2024-06-12 |
| CVE-2024-31217 | @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling | CWE-248 | 5.3 | Medium | 2024-06-12 |
| CVE-2024-29181 | @strapi/plugin-content-manager leaks data via relations via the Admin Panel | CWE-639 | 2.3 | Low | 2024-06-12 |
| CVE-2023-39345 | Unauthorized Access to Private Fields in User Registration API in strapi | CWE-287 | 7.6 | High | 2023-11-06 |
| CVE-2023-38507 | Strapi Improper Rate Limiting vulnerability | CWE-770 | 7.3 | High | 2023-09-15 |
| CVE-2023-37263 | Strapi's field level permissions not being respected in relationship title | CWE-200 | 6.8 | Medium | 2023-09-15 |
| CVE-2023-36472 | Strapi may leak sensitive user information, user reset password, tokens via content-manager views | CWE-200 | 5.8 | Medium | 2023-09-15 |
| CVE-2023-34235 | Leaking sensitive user information still possible by filtering on private with prefix fields | CWE-200 | 8.6 | High | 2023-07-25 |
| CVE-2023-34093 | Strapi allows actors to make all attributes on a content-type public without noticing it | CWE-200 | 4.8 | Medium | 2023-07-25 |
| CVE-2022-29894 | Strapi cross-site scripting vulnerability | | 4.8 | - | 2022-06-13 |
| CVE-2022-30618 | Strapi security vulnerability | CWE-212 | 7.5 | - | 2022-05-19 |
| CVE-2022-30617 | Strapi security vulnerability | CWE-212 | 8.8 | - | 2022-05-19 |
| CVE-2020-8123 | strapi resource management error vulnerability | CWE-400 | 3.9 | - | 2020-02-04 |