Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/strapi/strapi
🚀 Strapi is the leading open-source headless CMS. It's 100% JavaScript/TypeScript, fully customizable, and developer-first.
https://github.com/strapi/strapi
High
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: github
Published: 6 months ago
GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Moderate
Ecosystems: npm
Packages: @strapi/plugin-upload
Source: github
Published: 6 months ago
GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Low
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: github
Published: 6 months ago
GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
High
Ecosystems: npm
Packages: @strapi/strapi, @strapi/plugin-users-permissions
Source: github
Published: about 1 year ago
GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o
Unauthorized Access to Private Fields in User Registration API
High
Ecosystems: npm
Packages: @strapi/plugin-users-permissions, @strapi/admin
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS0yNHEyLTU5aG0tcmg5cs4AA12t
Strapi Improper Rate Limiting vulnerability
Moderate
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS1tMjg0LTg1bWYtY2dyY84AA12s
Strapi's field level permissions not being respected in relationship title
Moderate
Ecosystems: npm
Packages: @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS12OGdnLTRtcTItODhxNM4AA12r
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
High
Ecosystems: npm
Packages: @strapi/utils, @strapi/database
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS05eGc0LTNxZm0tOXc4Zs4AA04c
Leaking sensitive user information still possible by filtering on private with prefix fields
Moderate
Ecosystems: npm
Packages: @strapi/database, @strapi/utils, @strapi/strapi
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS1jaG1yLXJnMmYtOWptZs4AA04b
Making all attributes on a content-type public without noticing it
Critical
Ecosystems: npm
Packages: @strapi/plugin-email, @strapi/plugin-users-permissions
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS0yaDg3LTRxMnctdjRoZs4AAy4o
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
High
Ecosystems: npm
Packages: @strapi/strapi
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n
Strapi leaking sensitive user information by filtering on private fields
Moderate
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS01ODN4LTIzaDktZjV3N84AAy3y
Strapi does not verify the access or ID tokens issued during the OAuth flow
High
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: github
Published: over 1 year ago
GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O
Authentication Bypass in @strapi/plugin-users-permissions
Moderate
Ecosystems: npm
Packages: strapi
Source: github
Published: over 2 years ago
GSA_kwCzR0hTQS1tY3FtLTZmZjQtNTNxeM4AArjX
Cross-site Scripting in Strapi
Moderate
Ecosystems: npm
Packages: strapi
Source: github
Published: over 2 years ago
GSA_kwCzR0hTQS02NXd2LTUyOHItbTg5Ms4AAlF4
Improper Input Validation in strapi
High
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: github
Published: over 2 years ago
GSA_kwCzR0hTQS04NXZnLWdycjUtcHc0Ms3dNw
Insecure password handling vulnerability in Strapi
Moderate
Ecosystems: npm
Packages: strapi
Source: github
Published: almost 3 years ago
GSA_kwCzR0hTQS14cmpmLXBodnYtcjR2cs0vLg
Command injection in strapi
High
Ecosystems: npm
Packages: strapi
Source: github
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5dnYtNnE3cS13NWNm
OS Command Injection in Strapi
Moderate
Ecosystems: npm
Packages: strapi-admin
Source: github
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzZnAtZm1ydi1mNXB4
Uncontrolled Resource Consumption in strapi
High
Ecosystems: npm
Packages: strapi
Source: github
Published: about 3 years ago
GSA_kwCzR0hTQS0zN2h4LTRtY3Etd2MzaM0WMQ
Weak Password Recovery Mechanism for Forgotten Password in Strapi
Critical
Ecosystems: npm
Packages: strapi
Source: github
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy
Authorization bypass in Strapi
Moderate
Ecosystems: npm
Packages: strapi-plugin-content-manager
Source: github
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cDUtbW03di00ZjM2
Cross-site Scripting in Strapi
High
Ecosystems: npm
Packages: strapi-plugin-content-type-builder
Source: github
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwNTUteGozNy1meDdn
Improper Authorization in Strapi
Critical
Ecosystems: npm
Packages: strapi
Source: github
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4YzItbWozOS1xNTk5
Strapi allows unauthenticated attacker to reset admin password without valid reset token