Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,361
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,554
Pub
12
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Making all attributes on a content-type public without noticing it Moderate
CVE-2023-34093 was published for @strapi/database (npm) Jul 25, 2023
nathan-pichon Credited to nathan-pichon, Marc-Roig, derrickmehaffy, innerdvations, and Convly Marc-Roig Marc-Roig
derrickmehaffy derrickmehaffy innerdvations innerdvations Convly Convly
Leaking sensitive user information still possible by filtering on private with prefix fields High
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Boegie19 Credited to Boegie19, derrickmehaffy, innerdvations, Marc-Roig, and Bassel17 derrickmehaffy derrickmehaffy
innerdvations innerdvations Marc-Roig Marc-Roig Bassel17 Bassel17
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 Credited to scgajge12, derrickmehaffy, innerdvations, and alexandrebodin derrickmehaffy derrickmehaffy
innerdvations innerdvations alexandrebodin alexandrebodin
Unauthorized Access to Private Fields in User Registration API High
CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023
dogusdeniz Credited to dogusdeniz, innerdvations, derrickmehaffy, and christiancp100 innerdvations innerdvations
derrickmehaffy derrickmehaffy christiancp100 christiancp100
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret Credited to Eventyret, iarce-qb, derrickmehaffy, Convly, innerdvations, and alexandrebodin iarce-qb iarce-qb
derrickmehaffy derrickmehaffy Convly Convly innerdvations innerdvations alexandrebodin alexandrebodin
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration High
CVE-2025-53092 was published for @strapi/core (npm) Oct 16, 2025
ghostvirus62 Credited to ghostvirus62, derrickmehaffy, alexandrebodin, and innerdvations derrickmehaffy derrickmehaffy
alexandrebodin alexandrebodin innerdvations innerdvations
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database