Strapi Security Vulnerabilities (CVEs)
Track 11 security vulnerabilities affecting Strapi products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
- Oct 16, 2025: Strapi versions before 5.10.3 do not enforce a maximum password length when using bcryptjs for password hashing, causing passwords longer than 72 byte...
- Oct 16, 2025: This vulnerability in Strapi allows attackers to access private fields like admin passwords and reset tokens by crafting malicious queries with the lo...
- Jun 20, 2024: This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Strapi v4.24.4 that allows attackers to make unauthorized requests from the s...
- Jun 12, 2024: This CVE describes an authentication bypass vulnerability in Strapi's users-permissions plugin. By combining an open redirect with session tokens sent...
- Nov 6, 2023: This vulnerability in Strapi allows malicious users to modify private fields in their user records during registration. It affects all Strapi instance...
- Sep 15, 2023: This vulnerability allows attackers to bypass rate limiting on Strapi's admin login function, enabling brute force attacks to guess credentials. It af...
- Apr 19, 2023: CVE-2023-22621 is a Server-Side Template Injection vulnerability in Strapi that allows authenticated attackers with admin panel access to execute arbi...
- Jul 13, 2022: An unrestricted file upload vulnerability in Strapi 4.1.12 allows authenticated users with upload permissions to upload PDF files containing JavaScrip...
- May 3, 2022: This vulnerability in Strapi's DOCUMENTATION plugin stores passwords in a recoverable format (base64 encoded in cookies). Attackers who intercept HTTP...
- May 6, 2021: This vulnerability in Strapi allows attackers who have obtained a valid session to change a user's password without providing the current password. Th...
- Oct 22, 2020: CVE-2020-27664 is a server-side request forgery (SSRF) vulnerability in Strapi's admin interface that allows attackers to make unauthorized requests t...

Why Monitor Strapi Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 11+ known vulnerabilities affecting Strapi products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Strapi packages in under 60 seconds. No agents required: completely agentless scanning that works across Strapi deployments.
Free vulnerability database: Access detailed information about every Strapi CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Strapi CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions