VYPR

npm package

@strapi/core

pkg:npm/%40strapi/core

Vulnerabilities (3)

  • CVE-2025-53092 (Oct 16, 2025)
    affected < 5.20.0; fixed 5.20.0

    Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header

  • CVE-2025-25298 (Oct 16, 2025)
    affected < 5.10.3; fixed 5.10.3

    Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes beyond 72, so passwords longer than 72 bytes are silently truncated. A user can cr

  • CVE-2024-56143 (Oct 16, 2025)
    affected >= 5.0.0, < 5.5.2; fixed 5.5.2

    Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwor