magento/community-edition vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2019-7849 | High | magento/community-edition: Magento 2 Community Edition Session Fixation Check |
| CVE-2019-7852 | Medium | magento/community-edition: Magento 2 Community Edition Path Disclosure |
| CVE-2018-5301 | Medium | magento/community-edition: Magento Cross-Site Request Forgery (CSRF) |
| CVE-2022-24086 | Critical | magento/community-edition: Magento improper input validation vulnerability |
| CVE-2016-6485 | High | magento/community-edition: Unauthenticated crypto and weak IV in Magento\Framework\Encryption |
| CVE-2019-8233 | Medium | magento/community-edition: Composer JavaScript injection possible via html comments |
| CVE-2019-8145 | Medium | magento/community-edition: Magento Cross-Site Scripting via Attribute Set Name |
| CVE-2019-8133 | Medium | magento/community-edition: Bypass of sitemap access restrictions |
| CVE-2019-8135 | Critical | magento/community-edition: Remote code execution via vulnerable Symfony dependency injection |
| CVE-2019-8121 | High | magento/community-edition: Using JS libraries with known security vulnerabilities |
| CVE-2019-8126 | Medium | magento/community-edition: Information disclosure through processing of external XML entities |
