17 matches found
@avorati/strapi-plugin-preview (=1.0.1), @beardeddudes/strapi-types (>=0.1.0 <=0.1.1) +139 more potentially affected by CVE-2026-27886 via @strapi/strapi (>=4.0.2 <=5.36.0)
@strapi/strapi NPM version =4.0.2, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.3.4, =1.4.3 and more Source cves: CVE-2026-27886 Source advisory: SNYK:JS-STRAPISTRAPI-16690611...
@avorati/strapi-plugin-preview (=1.0.1), @beardeddudes/strapi-types (>=0.1.0 <=0.1.1) +139 more potentially affected by CVE-2026-27886 via @strapi/strapi (>=4.0.2 <=5.36.0)
@strapi/strapi NPM version =4.0.2, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.3.4, =1.4.3 and more Source cves: CVE-2026-27886 Source advisory: OSV:GHSA-RJG2-95X7-8QMX...
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...
@avorati/strapi-plugin-preview (=1.0.1), @catchmexz/fedin-cms (>=5.30.1 <=5.30.2) +26 more potentially affected by CVE-2024-56143 via @strapi/core (>=5.0.0 <=5.5.1)
@strapi/core NPM version =5.0.0, =5.30.1, =1.0.0, =2.3.1, =2.0.2, =0.1.0, =2.0.0, =1.0.1, =5.0.0, =0.1.0, =0.2.0, =0.5.0 - cypherscan-strapi =0.1.1 - keycloak-auth-plugin =0.0.1 - my-shopify-app-backend =0.1.0 and more Source cves: CVE-2024-56143 Source advisory: SNYK:JS-STRAPICORE-13601313...
EUVD-2022-6092
Malicious code in bioql PyPI...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +58 more potentially affected by CVE-2024-37818 via @strapi/strapi (>=4.0.0-beta.0 <=4.24.4)
@strapi/strapi NPM version =4.0.0-beta.0, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.0-beta.6, =1.0.0-beta.8, =1.0.0-beta.15 and more Source cves: CVE-2024-37818 Source advisory: OSV:GHSA-P9FF-J98V-P435...
@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bilberrry/strapi-plugin-link-finder (>=1.0.1 <=1.0.2) +118 more potentially affected by CVE-2023-22894 via @strapi/strapi (>=4.0.0-beta.0 <=4.7.2-exp.24dd7d95972fa822bf43e9b095b51027402c229e)
@strapi/strapi NPM version =4.0.0-beta.0, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =0.0.1, =1.0.5, =1.0.5, =1.0.9, =0.0.1, =0.1.0, =1.3.2, =1.7.0 - @iliad.dev/atlas-adapter =0.2.11 and more Source cves: CVE-2023-22894 Source advisory: OSV:GHSA-JJQF-J4W7-92W8...
Strapi injection vulnerability
Strapi is an open-source content management system (CMS). A security vulnerability exists in Strapi versions prior to 4.5.5, which can be exploited by an attacker to inject a crafted payload that executes code on the server into an email template, thereby bypassing validation checks that are suppos...
PT-2023-18758 · Strapi · Strapi
Name of the Vulnerable Software and Affected Versions: Strapi versions 4.5.5 and earlier; Strapi versions 4.7.1 and earlier. Description: The issue allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. An attacker can filter users by...
PT-2023-33074 · Amazon · Aws Cognito
Name of the Vulnerable Software and Affected Versions: Strapi versions 4.5.6 and earlier. Description: The issue concerns the verification of access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token...
PT-2023-18592
Name of the Vulnerable Software and Affected Versions: Strapi versions 4.5.5 and earlier. Description: Strapi allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +49 more potentially affected by CVE-2022-32114 via @strapi/strapi (>=0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b <=4.1.12)
@strapi/strapi NPM version =0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.0.8, =1.0.81 and more Source cves: CVE-2022-32114 Source advisory: OSV:GHSA-4VM8-J95F-J6V5...
@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.3) +13 more potentially affected by CVE-2022-29894 via strapi (>=2.0.2 <=3.6.10)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =3.6.1-0.1, =2.0.0, =2.0.0, =0.1.3, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2022-29894 Source advisory: OSV:GHSA-MCQM-6FF4-53QX...
@depup/strapi (=2.0.2-depup.0), @symbol-it/strapi-plugin-mailjet (>=0.0.1 <=0.0.2) +8 more potentially affected by CVE-2020-13961 via strapi (>=2.0.2 <=3.0.0)
strapi NPM version =2.0.2, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2020-13961 Source advisory: OSV:GHSA-65WV-528R-M892...
@jayway/tds (=0.0.1), @koj/strapi (>=0.0.0 <=1.4.3) +17 more potentially affected by CVE-2022-30618 via strapi (>=3.0.0 <=3.6.8)
strapi NPM version =3.0.0, =0.0.0, =0.0.1, =1.1.0, =1.0.0, =3.6.1-0.1, =0.1.3, =3.0.0, =3.1.5 and more Source cves: CVE-2022-30618 Source advisory: OSV:GHSA-VGJ7-895J-GPR6...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +50 more potentially affected by CVE-2021-46440 via @strapi/strapi (>=4.0.2 <=4.1.2)
@strapi/strapi NPM version =4.0.2, =4.12.2, =1.0.9, =1.0.0-alpha.2, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.0.8, =1.0.81 and more Source cves: CVE-2021-46440 Source advisory: OSV:GHSA-85VG-GRR5-PW42...
@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.3) +9 more potentially affected by CVE-2021-28128 via strapi (>=2.0.2 <=3.3.4)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2021-28128 Source advisory: OSV:GHSA-37HX-4MCQ-WC3H...