Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: strapi Clear
ID Title
CVE-2026-57997 Vulnerability in strapi (CVE-2026-57997)
vulnerability in strapi (CVE-2026-57997). Risk of unauthorized operations or information disclosure.
CVE-2026-27886 Path Traversal in @strapi/strapi (CVE-2026-27886)
path traversal in @strapi/strapi (CVE-2026-27886). Confidential information can be exposed externally. Exploitable via `POST /admin/reset-password`. Mitigation: upgrade to `5.37.0` or later.
CVE-2026-22707 Unrestricted File Upload in @strapi/upload (CVE-2026-22707)
vulnerability in @strapi/upload (CVE-2026-22707). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/upload`. Mitigation: upgrade to `5.33.3` or later.
CVE-2026-22706 Vulnerability in @strapi/admin (CVE-2026-22706)
vulnerability in @strapi/admin (CVE-2026-22706). Confidential information can be exposed externally. Exploitable via `POST /api/auth/refresh`. Mitigation: upgrade to `5.33.3` or later.
CVE-2026-22599 SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
CVE-2025-64526 Vulnerability in @strapi/plugin-users-permissions (CVE-2025-64526)
vulnerability in @strapi/plugin-users-permissions (CVE-2025-64526). Risk of unauthorized operations or information disclosure. Exploitable via ``ctx.request.body.email``. Mitigation: upgrade to `5.45.0` or later.
CVE-2022-32114 Unrestricted File Upload in strapi (CVE-2022-32114)
vulnerability in strapi (CVE-2022-32114). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →