
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

Strapi Allows Unauthorized Access to Private Fields via parms.lookup (High)
CVE-2024-56143 was published for @strapi/core (npm) Oct 16, 2025
Credited to Boegie19, alexandrebodin, and derrickmehaffy

Strapi's field level permissions not being respected in relationship title (Moderate)
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Credited to Boegie19, derrickmehaffy, and alexandrebodin

Strapi may leak sensitive user information, user reset password, tokens via content-manager views (Moderate)
CVE-2023-36472 was published for @strapi/admin (npm) Sep 13, 2023
Credited to Boegie19, derrickmehaffy, and alexandrebodin

Leaking sensitive user information still possible by filtering on private with prefix fields (High)
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Credited to Boegie19, derrickmehaffy, innerdvations, Marc-Roig, and Bassel17