Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/strapi@3.0.0-next.49
Typenpm
Namespace
Namestrapi
Version3.0.0-next.49
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.2.5
Latest_non_vulnerable_version4.10.8
Affected_by_vulnerabilities
0
url VCID-gkb4-ad7n-byd5
vulnerability_id VCID-gkb4-ad7n-byd5
summary 
Improper Input Validation
Strapi could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13961
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70476
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13961
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/183045
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/183045
2
reference_url https://github.com/strapi/strapi
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi
3
reference_url https://github.com/strapi/strapi/pull/6599
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/6599
4
reference_url https://github.com/strapi/strapi/releases/tag/v3.0.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.0.2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13961
reference_id CVE-2020-13961
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13961
fixed_packages
0
url pkg:npm/strapi@3.0.2
purl pkg:npm/strapi@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzmr-p64p-fycf
1
vulnerability VCID-r9jw-pgw5-guh5
2
vulnerability VCID-yafu-6e7s-y3cw
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.0.2
aliases CVE-2020-13961, GHSA-65wv-528r-m892
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkb4-ad7n-byd5
1
url VCID-kzmr-p64p-fycf
vulnerability_id VCID-kzmr-p64p-fycf
summary 
Incorrect Default Permissions
In Strapi, there is no `admin::hasPermissions` restriction for CTB (aka content-type-builder) routes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27665
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52851
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27665
1
reference_url https://github.com/strapi/strapi/commit/3cdd73987950d5c7976701047b38203e902007bb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/commit/3cdd73987950d5c7976701047b38203e902007bb
2
reference_url https://github.com/strapi/strapi/pull/8439
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/8439
3
reference_url https://github.com/strapi/strapi/releases/tag/v3.2.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.2.5
4
reference_url https://snyk.io/vuln/SNYK-JS-STRAPIPLUGINCONTENTTYPEBUILDER-1021616
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-STRAPIPLUGINCONTENTTYPEBUILDER-1021616
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27665
reference_id CVE-2020-27665
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27665
6
reference_url https://github.com/advisories/GHSA-4p55-xj37-fx7g
reference_id GHSA-4p55-xj37-fx7g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p55-xj37-fx7g
fixed_packages
0
url pkg:npm/strapi@3.2.5
purl pkg:npm/strapi@3.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.2.5
aliases CVE-2020-27665, GHSA-4p55-xj37-fx7g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzmr-p64p-fycf
2
url VCID-r9jw-pgw5-guh5
vulnerability_id VCID-r9jw-pgw5-guh5
summary 
Improper Input Validation
`admin/src/containers/InputModalStepperProvider/index.js` in Strapi has unwanted `/proxy?url=` functionality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27664
reference_id
reference_type
scores
0
value 0.01344
scoring_system epss
scoring_elements 0.80375
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27664
1
reference_url https://github.com/strapi/strapi/pull/8442
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/8442
2
reference_url https://github.com/strapi/strapi/releases/tag/v3.2.5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.2.5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27664
reference_id CVE-2020-27664
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27664
fixed_packages
0
url pkg:npm/strapi@3.2.5
purl pkg:npm/strapi@3.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.2.5
aliases CVE-2020-27664, GHSA-7frv-9phw-vrvr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9jw-pgw5-guh5
3
url VCID-yafu-6e7s-y3cw
vulnerability_id VCID-yafu-6e7s-y3cw
summary 
Cross-site Scripting
Strapi has stored XSS in the wysiwyg editor's preview feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27666
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.5175
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27666
1
reference_url https://github.com/strapi/strapi/pull/8440
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/pull/8440
2
reference_url https://github.com/strapi/strapi/releases/tag/v3.2.5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/strapi/strapi/releases/tag/v3.2.5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27666
reference_id CVE-2020-27666
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27666
4
reference_url https://github.com/advisories/GHSA-qvp5-mm7v-4f36
reference_id GHSA-qvp5-mm7v-4f36
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvp5-mm7v-4f36
fixed_packages
0
url pkg:npm/strapi@3.2.5
purl pkg:npm/strapi@3.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.2.5
aliases CVE-2020-27666, GHSA-qvp5-mm7v-4f36
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yafu-6e7s-y3cw
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/strapi@3.0.0-next.49