Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/strapi@3.0.0
Typenpm
Namespace
Namestrapi
Version3.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.2
Latest_non_vulnerable_version4.10.8
Affected_by_vulnerabilities
0
url VCID-1nkk-pvsd-x7dn
vulnerability_id VCID-1nkk-pvsd-x7dn
summary 
Improper Authentication
Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22893
reference_id
reference_type
scores
0
value 0.50773
scoring_system epss
scoring_elements 0.97907
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22893
1
reference_url https://github.com/strapi/strapi
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi
2
reference_url https://github.com/strapi/strapi/blob/v4.5.6/packages/plugins/users-permissions/server/services/providers-registry.js
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/blob/v4.5.6/packages/plugins/users-permissions/server/services/providers-registry.js
3
reference_url https://github.com/strapi/strapi/commit/46f8f98378338f18b5c6139d0157a8f71bf4de83
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/commit/46f8f98378338f18b5c6139d0157a8f71bf4de83
4
reference_url https://github.com/strapi/strapi/commit/8bbbd7383a20bb7cb163c8b462baffee559e994f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/commit/8bbbd7383a20bb7cb163c8b462baffee559e994f
5
reference_url https://github.com/strapi/strapi/commit/eeab43b57707d7ef275076d27be6eabc72bd71a7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/commit/eeab43b57707d7ef275076d27be6eabc72bd71a7
6
reference_url https://github.com/strapi/strapi/releases
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases
7
reference_url https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve
8
reference_url https://www.ghostccamm.com/blog/multi_strapi_vulns
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ghostccamm.com/blog/multi_strapi_vulns
9
reference_url https://www.ghostccamm.com/blog/multi_strapi_vulns/
reference_id
reference_type
scores
url https://www.ghostccamm.com/blog/multi_strapi_vulns/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22893
reference_id CVE-2023-22893
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22893
11
reference_url https://github.com/advisories/GHSA-583x-23h9-f5w7
reference_id GHSA-583x-23h9-f5w7
reference_type
scores
url https://github.com/advisories/GHSA-583x-23h9-f5w7
fixed_packages
aliases CVE-2023-22893, GHSA-583x-23h9-f5w7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nkk-pvsd-x7dn
1
url VCID-5n69-472h-rbcn
vulnerability_id VCID-5n69-472h-rbcn
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22621
reference_id
reference_type
scores
0
value 0.91021
scoring_system epss
scoring_elements 0.99653
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22621
1
reference_url https://github.com/strapi/strapi
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi
2
reference_url https://github.com/strapi/strapi/commit/921d30961d6ba96cc098f2aea197350a49f990bd
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/commit/921d30961d6ba96cc098f2aea197350a49f990bd
3
reference_url https://github.com/strapi/strapi/pull/15385
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/15385
4
reference_url https://github.com/strapi/strapi/releases
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases
5
reference_url https://github.com/strapi/strapi/releases/tag/v4.5.6
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v4.5.6
6
reference_url https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve
7
reference_url https://www.ghostccamm.com/blog/multi_strapi_vulns
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.ghostccamm.com/blog/multi_strapi_vulns
8
reference_url https://www.ghostccamm.com/blog/multi_strapi_vulns/
reference_id
reference_type
scores
url https://www.ghostccamm.com/blog/multi_strapi_vulns/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22621
reference_id CVE-2023-22621
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22621
10
reference_url https://github.com/advisories/GHSA-2h87-4q2w-v4hf
reference_id GHSA-2h87-4q2w-v4hf
reference_type
scores
url https://github.com/advisories/GHSA-2h87-4q2w-v4hf
11
reference_url https://github.com/strapi/strapi/security/advisories/GHSA-2h87-4q2w-v4hf
reference_id GHSA-2h87-4q2w-v4hf
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/security/advisories/GHSA-2h87-4q2w-v4hf
fixed_packages
aliases CVE-2023-22621, GHSA-2h87-4q2w-v4hf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5n69-472h-rbcn
2
url VCID-acq9-x41j-6bbp
vulnerability_id VCID-acq9-x41j-6bbp
summary 
Weak Password Recovery Mechanism for Forgotten Password
strapi mishandles password resets within `packages/strapi-admin/controllers/Auth.js` and `packages/strapi-plugin-users-permissions/controllers/Auth.js`.
references
0
reference_url http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html
1
reference_url http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html
2
reference_url http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18818
reference_id
reference_type
scores
0
value 0.94045
scoring_system epss
scoring_elements 0.99904
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18818
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18818
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18818
5
reference_url https://github.com/strapi/strapi
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi
6
reference_url https://github.com/strapi/strapi/pull/4443
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/4443
7
reference_url https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5
8
reference_url https://www.npmjs.com/advisories/1311
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1311
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50237.py
reference_id CVE-2019-18818
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50237.py
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/webapps/50716.rb
reference_id CVE-2019-18818
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/nodejs/webapps/50716.rb
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18818
reference_id CVE-2019-18818
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18818
fixed_packages
aliases CVE-2019-18818, GHSA-6xc2-mj39-q599
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-acq9-x41j-6bbp
Fixing_vulnerabilities
0
url VCID-vu2b-re6f-n7fd
vulnerability_id VCID-vu2b-re6f-n7fd
summary 
Uncontrolled Resource Consumption
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8123
reference_id
reference_type
scores
0
value 0.00601
scoring_system epss
scoring_elements 0.69854
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8123
1
reference_url https://github.com/strapi/strapi
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi
2
reference_url https://github.com/strapi/strapi/commit/c0c191c08f05fe10d7a6b1bf9475c1a651a89362
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/commit/c0c191c08f05fe10d7a6b1bf9475c1a651a89362
3
reference_url https://hackerone.com/reports/768574
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/768574
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8123
reference_id CVE-2020-8123
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8123
5
reference_url https://github.com/advisories/GHSA-23fp-fmrv-f5px
reference_id GHSA-23fp-fmrv-f5px
reference_type
scores
url https://github.com/advisories/GHSA-23fp-fmrv-f5px
fixed_packages
0
url pkg:npm/strapi@3.0.0
purl pkg:npm/strapi@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nkk-pvsd-x7dn
1
vulnerability VCID-5n69-472h-rbcn
2
vulnerability VCID-acq9-x41j-6bbp
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.0.0
aliases CVE-2020-8123, GHSA-23fp-fmrv-f5px
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vu2b-re6f-n7fd
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.0.0