| Severity | Score | CVE | Title | Affected versions |
|---|---|---|---|---|
| HIGH | 8.8 | CVE-2022-31367 | Strapi mishandles hidden attributes within admin API responses | >= 4.0.0-next.0, < 4.1.10 |
| HIGH | 8.8 | CVE-2022-30617 | Improper Removal of Sensitive Information Before Storage or Transfer in Strapi | from 0, < 4.0.0-beta.15 |
| HIGH | 7.6 | | Unauthorized Access to Private Fields in User Registration API | >= 4.0.0, < 4.13.1 |
| HIGH | 7.5 | | Strapi leaking sensitive user information by filtering on private fields | >= 3.2.1, < 4.8.0 |
| HIGH | 7.5 | | Improper Removal of Sensitive Information Before Storage or Transfer in Strapi | from 0, < 4.1.9 |
| HIGH | 7.5 | | Insecure password handling vulnerability in Strapi | >= 4.0.0, < 4.1.5 |
| MEDIUM | 4.8 | | Making all attributes on a content-type public without noticing it | from 0, < 4.10.8 |
| MEDIUM | 4.6 | | Strapi 4.1.12 Cross-site Scripting via crafted file | from 0, <= 4.1.12 |
| — | — | | Strapi may leak sensitive data via relational filtering due to lack of query sanitization | >= 4.0.0, < 5.37.0 |
| — | — | | Strapi is vulnerable to Insufficient Session Expiration | from 0, < 5.24.1 |