CMS
strapi/strapi
🚀 Strapi is the leading open-source headless CMS. It’s 100% JavaScript/TypeScript, fully customizable, and developer-first.
#strapi #nodejs #api #dashboard #javascript #graphql #rest #cms #headless-cms #jamstack #customizable #hacktoberfest #mysql #content-management #cms-framework #content-management-system #typescript #no-code #posgresql
Score
60
/ 100
Star
72,185
Fork
9,712
Open Issue
488
Size
620MB
Language
TypeScript ★
Last push
0 days ago
Docker
—
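Score breakdown
Past CVEs: 20 (somewhat high)
✓ Recent push: 1 day ago
✓ Preferred language (TypeScript)
✓ Open issues: 488
✓ Very large (0.6GB)
— Docker not supported
— 50k–100k: advanced (★72,185)
— ※ See the "Scoring rules" for the weight of each item. The total bottoms out at 0.
Past Security Advisories (20)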
- Leaking sensitive data via relational filtering due to lack of query sanitization
- Upload Plugin MIME Validation Bypass via Content API
- Rate limit bypass on auth routes due to invalid prefix checking
- Password Reset Does Not Revoke Existing Refresh Sessions
- SQL Injection in Content Type Builder
- Unauthorized Access to Private Fields via parms.lookup
- Weak Password Length Validation
- CORS Misconfiguration Leads to Sensitive Data Exposure
- Server - Side Request Forgery in Webhook function
- 3rd party token leak and authentication bypass
- Denial-of-Service via Improper Exception Handling
- Leaking data via relations via the Admin Panel
- Unauthorized Access to Private Fields in User Registration API
- Field level permissions not being respected in relationship title
- Leaking sensitive user information, user reset password, tokens via content-manager views
- Improper Rate Limiting
- Leaking sensitive user information still possible by filtering on private with prefix fields
- Making all attributes on a content-type public via review workflows
- SSTI to RCE in the Users-Permissions Plugin
- Authentication Bypass for AWS Cognito Login Provider