@evershop/evershop vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-67427Medium@evershop/evershop: evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" APICVE-2025-67419High@evershop/evershop: evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" APICVE-2025-12919Low@evershop/evershop: EverShop is vulnerable to Unauthorized Order Information Access (IDOR)CVE-2023-46943Critical@evershop/evershop: EverShop at risk to unauthorized access via weak HMAC secretCVE-2023-46942High@evershop/evershop: EverShop vulnerable to improper authorization in GraphQL endpointsCVE-2023-46497Medium@evershop/evershop: Directory Traversal in evershopCVE-2023-46496High@evershop/evershop: Directory Traversal in evershopCVE-2023-46495Medium@evershop/evershop: Cross-site Scripting in evershopCVE-2023-46493Medium@evershop/evershop: Directory Traversal in evershopCVE-2023-46498Critical@evershop/evershop: Code execution in evershopCVE-2023-46494Medium@evershop/evershop: Cross Site Scripting in evershopCVE-2023-46499Medium@evershop/evershop: Cross-site Scripting in evershop

Stop the waste.
Protect your environment with Kodem.