bagisto/bagisto vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

CVE-ID | Severity | Package summary
CVE-2026-6744 | Low | bagisto/bagisto: Bagisto affected by Server-Side Request Forgery
CVE-2026-6745 | Low | bagisto/bagisto: Bagisto affected by Cross-site Scripting
CVE-2026-21449 | High | bagisto/bagisto: Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users
CVE-2026-21447 | High | bagisto/bagisto: Bagisto has IDOR in Customer Order Reorder Functionality
CVE-2026-21448 | High | bagisto/bagisto: Bagisto has Normal & Blind SSTI from low-privilege user when ordering product
CVE-2026-21450 | High | bagisto/bagisto: Bagisto SSTI vulnerability in type parameter can lead to RCE
CVE-2026-21451 | Medium | bagisto/bagisto: Bagisto has HTML Filter Bypass that Enables Stored XSS
CVE-2026-21446 | High | bagisto/bagisto: Bagisto Missing Authentication on Installer API Endpoints
CVE-2025-62414 | Medium | bagisto/bagisto: bagisto has Cross Site Scripting (XSS) in Create New Customer
CVE-2025-62417 | Critical | bagisto/bagisto: bagisto has CSV Formula Injection in Create New Product
CVE-2025-62418 | Medium | bagisto/bagisto: bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)
CVE-2025-62416 | Medium | bagisto/bagisto: bagisto has Server Side Template Injection (SSTI) in Product Description
CVE-2025-62415 | Medium | bagisto/bagisto: bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
CVE-2025-60880 | High | bagisto/bagisto: Bagisto is vulnerable to XSS through Admin Panel's product creation path
CVE-2023-36238 | Medium | bagisto/bagisto: Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
CVE-2024-27499 | Medium | bagisto/bagisto: Bagist Cross-site Scripting vulnerability
CVE-2023-36237 | High | bagisto/bagisto: Bagisto Cross-Site Request Forgery vulnerability
CVE-2023-36236 | Medium | bagisto/bagisto: Cross-site Scripting in Bagisto
CVE-2019-14933 | High | bagisto/bagisto: Bagisto CSRF Vulnerability
CVE-2019-16403 | Medium | bagisto/bagisto: Authorization Bypass Through User-Controlled Key in Bagisto
