VIR Vulnerability Intelligence Relay

Package impact

npm npm / @strapi/strapi

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-27886 high 7.5 7.5 14d ago Strapi may leak sensitive data via relational filtering due to lack of query sanitization npm
CVE-2025-3930 unknown 7mo ago Strapi is vulnerable to Insufficient Session Expiration npm
CVE-2024-37818 unknown 2y ago Strapi Server-Side Request Forgery (SSRF) npm
CVE-2023-39345 unknown 3y ago Unauthorized Access to Private Fields in User Registration API npm
CVE-2023-34093 unknown 3y ago Making all attributes on a content-type public without noticing it npm
CVE-2023-22894 unknown 3y ago Strapi leaking sensitive user information by filtering on private fields npm
CVE-2022-31367 unknown 4y ago Strapi mishandles hidden attributes within admin API responses npm
CVE-2022-32114 unknown 4y ago Strapi 4.1.12 Cross-site Scripting via crafted file npm
CVE-2022-30618 unknown 4y ago Improper Removal of Sensitive Information Before Storage or Transfer in Strapi npm
CVE-2022-30617 unknown 4y ago Improper Removal of Sensitive Information Before Storage or Transfer in Strapi npm
CVE-2021-46440 unknown 4y ago Insecure password handling vulnerability in Strapi npm