Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-57997 |
|
Vulnerability in strapi (CVE-2026-57997)
vulnerability in strapi (CVE-2026-57997). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27886 |
|
Path Traversal in @strapi/strapi (CVE-2026-27886)
path traversal in @strapi/strapi (CVE-2026-27886). Confidential information can be exposed externally. Exploitable via `POST /admin/reset-password`. Mitigation: upgrade to `5.37.0` or later.
|
| CVE-2026-22707 |
|
Unrestricted File Upload in @strapi/upload (CVE-2026-22707)
vulnerability in @strapi/upload (CVE-2026-22707). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/upload`. Mitigation: upgrade to `5.33.3` or later.
|
| CVE-2026-22706 |
|
Vulnerability in @strapi/admin (CVE-2026-22706)
vulnerability in @strapi/admin (CVE-2026-22706). Confidential information can be exposed externally. Exploitable via `POST /api/auth/refresh`. Mitigation: upgrade to `5.33.3` or later.
|
| CVE-2026-22599 |
|
SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
|
| CVE-2025-64526 |
|
Vulnerability in @strapi/plugin-users-permissions (CVE-2025-64526)
vulnerability in @strapi/plugin-users-permissions (CVE-2025-64526). Risk of unauthorized operations or information disclosure. Exploitable via ``ctx.request.body.email``. Mitigation: upgrade to `5.45.0` or later.
|
| CVE-2022-32114 |
|
Unrestricted File Upload in strapi (CVE-2022-32114)
vulnerability in strapi (CVE-2022-32114). Successful exploitation can lead to full system takeover.
|