Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40strapi/strapi@4.4.0-beta.4
Type npm
Namespace @strapi
Name strapi
Version 4.4.0-beta.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.37.0
Latest_non_vulnerable_version 5.37.0
Affected_by_vulnerabilities
0
url VCID-5fwn-px5n-sqd2
vulnerability_id VCID-5fwn-px5n-sqd2
summary
Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is set to 30 days by default, but can be changed). 
The existence of /admin/renew-token endpoint allows anyone to renew near-expiration tokens indefinitely, further increasing the impact of this attack. 

This issue has been fixed in version 5.24.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3930
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20365
published_at 2026-06-11T12:55:00Z
1
value 0.00065
scoring_system epss
scoring_elements 0.2054
published_at 2026-06-14T12:55:00Z
2
value 0.00065
scoring_system epss
scoring_elements 0.20563
published_at 2026-06-13T12:55:00Z
3
value 0.00065
scoring_system epss
scoring_elements 0.20542
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3930
1
reference_url https://strapi.io
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://strapi.io
2
reference_url https://cert.pl/en/posts/2025/06/CVE-2025-3930
reference_id CVE-2025-3930
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:37:13Z/
url https://cert.pl/en/posts/2025/06/CVE-2025-3930
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3930
reference_id CVE-2025-3930
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3930
4
reference_url https://github.com/advisories/GHSA-4r8w-3jww-m2rp
reference_id GHSA-4r8w-3jww-m2rp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4r8w-3jww-m2rp
5
reference_url https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve-October-2025
reference_id security-disclosure-of-vulnerabilities-cve-October-2025
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:37:13Z/
url https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve-October-2025
6
reference_url https://github.com/strapi/strapi
reference_id strapi
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:37:13Z/
url https://github.com/strapi/strapi
7
reference_url https://strapi.io/
reference_id strapi.io
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:37:13Z/
url https://strapi.io/
fixed_packages
0
url pkg:npm/%40strapi/strapi@5.24.1
purl pkg:npm/%40strapi/strapi@5.24.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-veck-s5e2-qbck
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@5.24.1
aliases CVE-2025-3930, GHSA-4r8w-3jww-m2rp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5fwn-px5n-sqd2
1
url VCID-9ms4-72fn-nqf8
vulnerability_id VCID-9ms4-72fn-nqf8
summary Strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint. As such, malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39345
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23661
published_at 2026-06-14T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23475
published_at 2026-06-11T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.23681
published_at 2026-06-13T12:55:00Z
3
value 0.00079
scoring_system epss
scoring_elements 0.23671
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39345
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39345
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39345
2
reference_url https://strapi.io/blog/security-disclosure-of-vulnerabilities-sept-2023
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://strapi.io/blog/security-disclosure-of-vulnerabilities-sept-2023
3
reference_url https://github.com/advisories/GHSA-gc7p-j5xm-xxh2
reference_id GHSA-gc7p-j5xm-xxh2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gc7p-j5xm-xxh2
4
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2
reference_id GHSA-gc7p-j5xm-xxh2
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T19:26:27Z/
url https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2
fixed_packages
0
url pkg:npm/%40strapi/strapi@4.13.1
purl pkg:npm/%40strapi/strapi@4.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fwn-px5n-sqd2
1
vulnerability VCID-veck-s5e2-qbck
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.13.1
aliases CVE-2023-39345, GHSA-gc7p-j5xm-xxh2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ms4-72fn-nqf8
2
url VCID-j1sz-3wn5-kfcs
vulnerability_id VCID-j1sz-3wn5-kfcs
summary Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22894
reference_id
reference_type
scores
0
value 0.17914
scoring_system epss
scoring_elements 0.95309
published_at 2026-06-12T12:55:00Z
1
value 0.17914
scoring_system epss
scoring_elements 0.95316
published_at 2026-06-14T12:55:00Z
2
value 0.17914
scoring_system epss
scoring_elements 0.95314
published_at 2026-06-13T12:55:00Z
3
value 0.17914
scoring_system epss
scoring_elements 0.95294
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22894
1
reference_url https://github.com/strapi/strapi/releases/tag/v4.8.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v4.8.0
2
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-jjqf-j4w7-92w8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/security/advisories/GHSA-jjqf-j4w7-92w8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22894
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22894
4
reference_url https://www.ghostccamm.com/blog/multi_strapi_vulns
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ghostccamm.com/blog/multi_strapi_vulns
5
reference_url https://github.com/advisories/GHSA-jjqf-j4w7-92w8
reference_id GHSA-jjqf-j4w7-92w8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjqf-j4w7-92w8
6
reference_url https://www.ghostccamm.com/blog/multi_strapi_vulns/
reference_id multi_strapi_vulns
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T16:37:12Z/
url https://www.ghostccamm.com/blog/multi_strapi_vulns/
7
reference_url https://github.com/strapi/strapi/releases
reference_id releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T16:37:12Z/
url https://github.com/strapi/strapi/releases
8
reference_url https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve
reference_id security-disclosure-of-vulnerabilities-cve
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T16:37:12Z/
url https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve
fixed_packages
0
url pkg:npm/%40strapi/strapi@4.8.0
purl pkg:npm/%40strapi/strapi@4.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fwn-px5n-sqd2
1
vulnerability VCID-9ms4-72fn-nqf8
2
vulnerability VCID-uqjf-k4zz-kufb
3
vulnerability VCID-veck-s5e2-qbck
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.8.0
aliases CVE-2023-22894, GHSA-jjqf-j4w7-92w8
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1sz-3wn5-kfcs
3
url VCID-uqjf-k4zz-kufb
vulnerability_id VCID-uqjf-k4zz-kufb
summary Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker (having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34093
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27427
published_at 2026-06-11T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27638
published_at 2026-06-14T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.27629
published_at 2026-06-12T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.27653
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34093
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34093
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34093
2
reference_url https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de
reference_id 2fa8f30371bfd1db44c15e5747860ee5789096de
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/
url https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de
3
reference_url https://github.com/advisories/GHSA-chmr-rg2f-9jmf
reference_id GHSA-chmr-rg2f-9jmf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chmr-rg2f-9jmf
4
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf
reference_id GHSA-chmr-rg2f-9jmf
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/
url https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf
5
reference_url https://github.com/strapi/strapi/releases/tag/v4.10.8
reference_id v4.10.8
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/
url https://github.com/strapi/strapi/releases/tag/v4.10.8
fixed_packages
0
url pkg:npm/%40strapi/strapi@4.10.8
purl pkg:npm/%40strapi/strapi@4.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5fwn-px5n-sqd2
1
vulnerability VCID-9ms4-72fn-nqf8
2
vulnerability VCID-veck-s5e2-qbck
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.10.8
aliases CVE-2023-34093, GHSA-chmr-rg2f-9jmf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqjf-k4zz-kufb
4
url VCID-veck-s5e2-qbck
vulnerability_id VCID-veck-s5e2-qbck
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27886
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18056
published_at 2026-06-11T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.18216
published_at 2026-06-12T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.18235
published_at 2026-06-13T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.1821
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27886
1
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-rjg2-95x7-8qmx
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/security/advisories/GHSA-rjg2-95x7-8qmx
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27886
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27886
3
reference_url https://github.com/advisories/GHSA-rjg2-95x7-8qmx
reference_id GHSA-rjg2-95x7-8qmx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjg2-95x7-8qmx
fixed_packages
0
url pkg:npm/%40strapi/strapi@5.37.0
purl pkg:npm/%40strapi/strapi@5.37.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@5.37.0
aliases CVE-2026-27886, GHSA-rjg2-95x7-8qmx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-veck-s5e2-qbck
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.4.0-beta.4