magento/community-edition vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2021-36027 | Medium | magento/project-community-edition: Magento stored cross-site scripting vulnerability |
| CVE-2021-36026 | Medium | magento/project-community-edition: Magento stored cross-site scripting vulnerability in the customer address upload feature |
| CVE-2019-8149 | Critical | magento/community-edition: Magento Broken authentication and session management |
| CVE-2019-8154 | High | magento/community-edition: Magento remote code execution vulnerability |
| CVE-2019-7139 | Critical | magento/community-edition: Magento 2 Community Edition SQLi Vulnerability |
| CVE-2021-39864 | Medium | magento/community-edition: Magento Open Source allows Cross-Site Request Forgery (CSRF) |
| CVE-2021-28566 | Low | magento/community-edition: Magento Information Disclosure vulnerability |
| CVE-2021-28567 | Medium | magento/community-edition: Magento Improper Authorization vulnerability in the customers module |
| CVE-2021-36012 | Medium | magento/project-community-edition: Magento affected by a business logic error in the placeOrder graphql mutation |
| CVE-2021-36022 | High | magento/project-community-edition: Magento XML Injection vulnerability in the Widgets Update Layout |
| CVE-2021-36020 | High | magento/project-community-edition: Magento XML Injection vulnerability in the 'City' field |
| CVE-2021-36025 | Critical | magento/project-community-edition: Magento is affected by an improper input validation vulnerability while saving a customer's details |
| CVE-2021-36024 | High | magento/project-community-edition: Magento is affected by an os command injection via the Data collection endpoint |
| CVE-2021-36029 | High | magento/project-community-edition: Magento improper authorization vulnerability |
| CVE-2021-36028 | Critical | magento/project-community-edition: Magento has an XML Injection vulnerability |
| CVE-2021-36032 | High | magento/project-community-edition: Magento is affected by an improper input validation vulnerability |
| CVE-2021-36030 | High | magento/project-community-edition: Magento allows attackers to alter the price of items |
| CVE-2021-36033 | Critical | magento/project-community-edition: Magento XML Injection vulnerability in the Widgets Module |
| CVE-2021-36031 | High | magento/project-community-edition: Magento Path Traversal vulnerability via the `theme[preview_image]` parameter |
| CVE-2021-36038 | Medium | magento/project-community-edition: Magento discloses sensitive information via the Multishipping Module |
| CVE-2021-36039 | Medium | magento/project-community-edition: Magento discloses sensitive information |
| CVE-2021-36040 | Critical | magento/project-community-edition: Magento has a file extension restrictions bypass |
| CVE-2021-36041 | High | magento/project-community-edition: Magento vulnerable to file upload attack |
| CVE-2021-36037 | Medium | magento/project-community-edition: Magento is affected by an improper authorization vulnerability |
| CVE-2021-36042 | Critical | magento/project-community-edition: Magento executes code via the API File Option Upload Extension |
