Critical vulnerabilities in Strapi

Each entry gives the publication date, the CVE identifier and title, the description, the CVSS attack vector and attack complexity, the affected product and CWE, and the risk rating with its CVSS base score.
2023-09-15  CVE-2023-38507  Allocation of Resources Without Limits or Throttling vulnerability in Strapi
  Description: Strapi is an open-source headless content management system.
  Attack vector: network. Attack complexity: low.
  Product: strapi. Weakness: CWE-770 (Allocation of Resources Without Limits or Throttling).
  Risk: critical. CVSS base score: 9.8.
2022-05-19  CVE-2022-30617  Improper Cross-boundary Removal of Sensitive Data vulnerability in Strapi
  Description: An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email addresses and password reset tokens, belonging to other admin panel users who have a relationship (for example created by or updated by) with content the authenticated user can access.
  Attack vector: network. Attack complexity: low.
  Product: strapi. Weakness: CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer).
  Risk: critical. CVSS base score: 9.0.
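The fix for this class of bug is to strip sensitive fields from admin-user objects wherever they are returned as relation targets, not only on the user endpoints themselves. The following is an added example, not Strapi's own code: the field names (password, resetPasswordToken, registrationToken, email) and the relation keys (createdBy, updatedBy) are assumptions chosen to match the kind of data the advisory describes, and the sample entry is constructed for illustration.

```javascript
// Added example (not Strapi's own code): remove sensitive admin-user fields from
// relation targets such as createdBy/updatedBy before an entry leaves the API.
// Field and relation names are assumptions used for illustration only.

const SENSITIVE_USER_FIELDS = new Set([
  'password',
  'resetPasswordToken',
  'registrationToken',
  'email',
]);

// Keys whose values are relations to admin-panel users (assumed names).
const ADMIN_USER_RELATIONS = new Set(['createdBy', 'updatedBy']);

// Return a shallow copy of a user object without the sensitive fields.
function sanitizeAdminUser(user) {
  if (user === null || typeof user !== 'object') return user;
  const clean = {};
  for (const [key, value] of Object.entries(user)) {
    if (!SENSITIVE_USER_FIELDS.has(key)) clean[key] = value;
  }
  return clean;
}

// Walk an entity (or array of entities) and sanitize every admin-user relation,
// including relations nested inside components or populated sub-relations.
// The input is not mutated; a cleaned copy is returned.
function sanitizeEntity(entity) {
  if (Array.isArray(entity)) return entity.map(sanitizeEntity);
  if (entity === null || typeof entity !== 'object') return entity;
  if (entity instanceof Date) return entity; // keep timestamps as-is
  const out = {};
  for (const [key, value] of Object.entries(entity)) {
    if (ADMIN_USER_RELATIONS.has(key)) {
      out[key] = Array.isArray(value)
        ? value.map(sanitizeAdminUser)
        : sanitizeAdminUser(value);
    } else {
      out[key] = sanitizeEntity(value);
    }
  }
  return out;
}

// Constructed sample response: an article populated with its author relations,
// plus a component that carries its own updatedBy relation.
const SAMPLE_ENTRY = {
  id: 7,
  title: 'Hello',
  publishedAt: new Date('2022-05-19T00:00:00Z'),
  createdBy: {
    id: 1,
    firstname: 'Ada',
    email: 'ada@example.test',
    password: '$2a$10$hash',
    resetPasswordToken: 'deadbeef',
  },
  updatedBy: { id: 2, firstname: 'Bob', registrationToken: 'cafe', password: 'x' },
  sections: [{ body: 'text', updatedBy: { id: 1, password: 'x', firstname: 'Ada' } }],
};

function demo() {
  return sanitizeEntity(SAMPLE_ENTRY);
}
```

Applying `sanitizeEntity` at the response boundary (after population, before serialization) means that adding a new relation to an admin user elsewhere in the content model cannot reintroduce the leak; a deny-list keyed on the relation name is cheaper than auditing every controller that can populate one.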
2019-12-05  CVE-2019-19609  OS Command Injection vulnerability in Strapi
  Description: Strapi before 3.0.0-beta.17.8 is vulnerable to remote code execution in the Install Plugin and Uninstall Plugin components of the admin panel. The plugin name is not sanitized before being passed to the execa function, so an attacker can inject arbitrary shell commands that are executed on the server.
  Attack vector: network. Attack complexity: low.
  Product: strapi. Weakness: CWE-78 (Improper Neutralization of Special Elements used in an OS Command).
  Risk: critical. CVSS base score: 9.0.