CRITICAL 9.8 CVE-2022-27263 Unrestricted Upload of File with Dangerous Type in Strapi
from 0, <= 4.1.5
from 0, < 3.2.5
CRITICAL 9.8 CVE-2019-18818 Strapi allows unauthenticated attacker to reset admin password without valid reset token
from 0, < 3.0.0-beta.17.5
HIGH 8.8 Strapi mishandles hidden attributes within admin API responses
from 0, < 3.6.10
HIGH 8.8 Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
>= 3.0.0, < 3.6.9
HIGH 8.1 Weak Password Recovery Mechanism for Forgotten Password in Strapi
from 0, <= 3.6.0
HIGH 7.5 Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
>= 3.0.0, < 3.6.9
HIGH 7.5 Insecure password handling vulnerability in Strapi
from 0, < 3.6.9
HIGH 7.2 Command Injection in strapi
from 0, < 3.0.0-beta.17.8
HIGH 7.2 Command Injection in strapi
from 0, < 3.0.0-beta.17.8
MEDIUM 6.5 Improper Input Validation in strapi
from 0, < 3.0.2
MEDIUM 6.1 Command injection in strapi
from 0, < 4.1.0
MEDIUM 4.8 Cross-site Scripting in Strapi
from 0, <= 3.6.10