Browse all 5 CVE security advisories affecting Stripe. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Stripe provides payment processing infrastructure for online businesses, enabling secure financial transactions. Historically, common vulnerabilities include cross-site scripting (XSS), server-side request forgery (SSRF), and insecure direct object references (IDOR), with some instances leading to remote code execution. The platform has implemented robust security measures, including bug bounty programs and regular audits. While no major breaches have been publicly disclosed, five CVEs have been recorded, primarily involving input validation flaws and misconfigurations. Stripe's security posture emphasizes proactive vulnerability management and encryption of sensitive data, though the complexity of its payment ecosystem remains a potential attack surface for sophisticated adversaries.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-45401 | stripe-cli Path Traversal vulnerability | stripe-cli | CWE-22 | 7.6 | High | 2024-09-05 |
| CVE-2022-29188 | Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen | smokescreen | CWE-918 | 5.3 | Medium | 2022-05-20 |
| CVE-2022-24825 | Smokescreen SSRF via deny list bypass | smokescreen | CWE-918 | 5.8 | Medium | 2022-04-19 |
| CVE-2022-24753 | Code injection in Stripe CLI on windows | stripe-cli | CWE-78 | 7.7 | High | 2022-03-09 |
| CVE-2021-21420 | Vulnerability in Stripe for Visual Studio Code < 1.7.3 | vscode-stripe | CWE-74 | 7.5 | High | 2021-04-01 |
This page lists every published CVE security advisory associated with Stripe. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.