Live data from GitHub and npm, updated daily.
Data last fetched: 2026-05-15
10 active CVEs reported via OSV.dev
Strapi mishandles hidden attributes within admin API responses
Strapi is vulnerable to Insufficient Session Expiration
Strapi 4.1.12 Cross-site Scripting via crafted file
Insecure password handling vulnerability in Strapi
Making all attributes on a content-type public without noticing it
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
Unauthorized Access to Private Fields in User Registration API
Strapi leaking sensitive user information by filtering on private fields
Strapi Server-Side Request Forgery (SSRF)
Strapi may leak sensitive data via relational filtering due to lack of query sanitization