Known Vulnerabilities for products from Strapi
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Strapi".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-27886 | Not Provided | | 2026-05-14 | 2026-05-14 |
| CVE-2026-22707 | Not Provided | | 2026-05-14 | 2026-05-14 |
| CVE-2026-22706 | Not Provided | | 2026-05-14 | 2026-05-14 |
| CVE-2026-22599 | Not Provided | | 2026-05-14 | 2026-05-14 |
| CVE-2025-64526 | Not Provided | | 2026-05-14 | 2026-05-14 |
| CVE-2023-39345 | strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fields marked as p... | 7.5 - HIGH | 2023-11-06 | 2023-11-14 |
| CVE-2023-38507 | Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login ... | 9.8 - CRITICAL | 2023-09-15 | 2023-09-21 |
| CVE-2023-37263 | Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not res... | 2.7 - LOW | 2023-09-15 | 2023-09-20 |
| CVE-2023-36472 | Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to... | 5.7 - MEDIUM | 2023-09-15 | 2023-09-21 |
| CVE-2023-34235 | Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields i... | 7.5 - HIGH | 2023-07-25 | 2023-08-02 |
| CVE-2023-34093 | Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugi... | 7.1 - HIGH | 2023-07-25 | 2023-08-03 |
| CVE-2023-22894 | Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the q... | 4.9 - MEDIUM | 2023-04-19 | 2023-05-01 |
| CVE-2023-22893 | Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider... | 7.5 - HIGH | 2023-04-19 | 2023-05-01 |
| CVE-2023-22621 | Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary co... | 7.2 - HIGH | 2023-04-19 | 2023-05-01 |
| CVE-2022-32114 | ** DISPUTED ** An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to ... | 8.8 - HIGH | 2022-07-13 | 2023-11-07 |
| CVE-2022-31367 | Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | 8.8 - HIGH | 2022-09-27 | 2022-09-30 |
| CVE-2022-30618 | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password r... | 7.5 - HIGH | 2022-05-19 | 2022-06-06 |
| CVE-2022-30617 | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password r... | 8.8 - HIGH | 2022-05-19 | 2022-06-06 |
| CVE-2022-29894 | Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting... | 4.8 - MEDIUM | 2022-06-13 | 2022-06-22 |
| CVE-2022-27263 | An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code ... | 9.8 - CRITICAL | 2022-04-12 | 2022-04-19 |
Known software with vulnerabilities from Strapi
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Strapi | Strapi | 0.0.1 |