GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
Moderate
CVE-2025-53092
was published
for
@strapi/core
(npm)
Oct 16, 2025
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Unauthorized Access to Private Fields in User Registration API
High
CVE-2023-39345
was published
for
@strapi/plugin-users-permissions
(npm)
Nov 3, 2023
Strapi Improper Rate Limiting vulnerability
High
CVE-2023-38507
was published
for
@strapi/admin
(npm)
Sep 13, 2023
Leaking sensitive user information still possible by filtering on private with prefix fields
High
CVE-2023-34235
was published
for
@strapi/database
(npm)
Jul 25, 2023
Making all attributes on a content-type public without noticing it
Moderate
CVE-2023-34093
was published
for
@strapi/database
(npm)
Jul 25, 2023
ProTip!
Advisories are also available from the
GraphQL API