
Strapi — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting Strapi. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Strapi: Strapi, strapi/strapi
| CVE ID | Title | Vendor | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-53092 | Strapi core vulnerable to sensitive data exposure via CORS misconfiguration | strapi | CWE-200 | 6.5 | Medium | 2025-10-16 |
| CVE-2025-25298 | Missing Maximum Password Length Validation in Strapi Password Hashing | strapi | CWE-261 | 8.2 (AI) | High (AI) | 2025-10-16 |
| CVE-2024-56143 | Strapi Allows Unauthorized Access to Private Fields via parms.lookup | strapi | CWE-639 | 8.2 | High | 2025-10-16 |
| CVE-2025-3930 | Lack of JWT Expiration after Log Out in Strapi | Strapi | CWE-613 | 9.1 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2024-52588 | Strapi allows Server-Side Request Forgery in Webhook function | strapi | CWE-918 | 4.9 | Medium | 2025-05-29 |
| CVE-2024-34065 | @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass | strapi | CWE-294 | 7.1 | High | 2024-06-12 |
| CVE-2024-31217 | @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling | strapi | CWE-248 | 5.3 | Medium | 2024-06-12 |
| CVE-2024-29181 | @strapi/plugin-content-manager leaks data via relations via the Admin Panel | strapi | CWE-639 | 2.3 | Low | 2024-06-12 |
| CVE-2023-39345 | Unauthorized Access to Private Fields in User Registration API in strapi | strapi | CWE-287 | 7.6 | High | 2023-11-06 |
| CVE-2023-38507 | Strapi Improper Rate Limiting vulnerability | strapi | CWE-770 | 7.3 | High | 2023-09-15 |
| CVE-2023-37263 | Strapi's field level permissions not being respected in relationship title | strapi | CWE-200 | 6.8 | Medium | 2023-09-15 |
| CVE-2023-36472 | Strapi may leak sensitive user information, user reset password, tokens via content-manager views | strapi | CWE-200 | 5.8 | Medium | 2023-09-15 |
| CVE-2023-34235 | Leaking sensitive user information still possible by filtering on private with prefix fields | strapi | CWE-200 | 8.6 | High | 2023-07-25 |
| CVE-2023-34093 | Strapi allows actors to make all attributes on a content-type public without noticing it | strapi | CWE-200 | 4.8 | Medium | 2023-07-25 |
| CVE-2022-29894 | Strapi cross-site scripting vulnerability | Strapi | - | 4.8 | - | 2022-06-13 |
| CVE-2022-30618 | Strapi security vulnerability | Strapi | CWE-212 | 7.5 | - | 2022-05-19 |
| CVE-2022-30617 | Strapi security vulnerability | Strapi | CWE-212 | 8.8 | - | 2022-05-19 |
| CVE-2022-0764 | Arbitrary Command Injection in strapi/strapi | strapi/strapi | CWE-78 | 6.7 | - | 2022-02-26 |

Entries marked "(AI)" carry an AI-estimated CVSS score and severity rather than a vendor- or NVD-assigned one; "-" means the value was not listed.

This page lists every published CVE security advisory associated with Strapi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.