Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration High
CVE-2025-53092 was published for @strapi/core (npm) Oct 16, 2025
ghostvirus62 Credited to ghostvirus62, derrickmehaffy, alexandrebodin, and innerdvations derrickmehaffy derrickmehaffy
alexandrebodin alexandrebodin innerdvations innerdvations
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret Credited to Eventyret, iarce-qb, derrickmehaffy, Convly, innerdvations, and alexandrebodin iarce-qb iarce-qb
derrickmehaffy derrickmehaffy Convly Convly innerdvations innerdvations alexandrebodin alexandrebodin
Unauthorized Access to Private Fields in User Registration API High
CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023
dogusdeniz Credited to dogusdeniz, innerdvations, derrickmehaffy, and christiancp100 innerdvations innerdvations
derrickmehaffy derrickmehaffy christiancp100 christiancp100
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 Credited to scgajge12, derrickmehaffy, innerdvations, and alexandrebodin derrickmehaffy derrickmehaffy
innerdvations innerdvations alexandrebodin alexandrebodin
Leaking sensitive user information still possible by filtering on private with prefix fields High
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Boegie19 Credited to Boegie19, derrickmehaffy, innerdvations, Marc-Roig, and Bassel17 derrickmehaffy derrickmehaffy
innerdvations innerdvations Marc-Roig Marc-Roig Bassel17 Bassel17
Making all attributes on a content-type public without noticing it Moderate
CVE-2023-34093 was published for @strapi/database (npm) Jul 25, 2023
nathan-pichon Credited to nathan-pichon, Marc-Roig, derrickmehaffy, innerdvations, and Convly Marc-Roig Marc-Roig
derrickmehaffy derrickmehaffy innerdvations innerdvations Convly Convly
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database