magento/community-edition vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2021-36034 | High | magento/project-community-edition: Magento affected by remote code execution via a file upload |
| CVE-2021-36043 | High | magento/project-community-edition: Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension |
| CVE-2021-36044 | High | magento/project-community-edition: Magento affected by a server-side denial-of-service using a GraphQL field |
| CVE-2021-28556 | Medium | magento/community-edition: Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies |
| CVE-2021-28583 | High | magento/community-edition: Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats |
| CVE-2021-28563 | Medium | magento/community-edition: Magento Unauthorized access to restricted resources |
| CVE-2021-28584 | Medium | magento/community-edition: Magento Path Traversal vulnerability |
| CVE-2021-28585 | Medium | magento/community-edition: Magento Improper input validation vulnerability |
| CVE-2021-21031 | Medium | magento/community-edition: Magento Insufficient Session Expiration |
| CVE-2021-21026 | Medium | magento/community-edition: Magento improper authorization vulnerability in the integrations module |
| CVE-2021-21023 | Medium | magento/community-edition: Magento stored cross-site scripting vulnerability in the admin console |
| CVE-2021-21032 | Medium | magento/community-edition: Magento Insufficient Session Expiration |
| CVE-2021-21022 | Medium | magento/community-edition: Magento Insecure Direct Object Reference (IDOR) in the product module |
| CVE-2021-21019 | Critical | magento/community-edition: Magento XML injection in the Widgets module |
| CVE-2021-21029 | Medium | magento/community-edition: Magento Reflected Cross-site Scripting vulnerability via 'file' parameter |
| CVE-2021-21030 | High | magento/community-edition: Magento stored cross-site scripting (XSS) in the customer address upload feature |
| CVE-2021-21024 | Critical | magento/community-edition: Magento Blind SQL Injection in the Search module |
| CVE-2021-21027 | Medium | magento/community-edition: Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API |
| CVE-2021-21018 | Critical | magento/community-edition: Magento OS Command Injection |
| CVE-2021-21020 | Medium | magento/community-edition: Magento Improper Access Control |
| CVE-2021-21025 | Critical | magento/community-edition: Magento XPath Injection |
| CVE-2021-21014 | Critical | magento/community-edition: Magento vulnerable to a file upload restriction bypass |
| CVE-2021-21015 | High | magento/community-edition: Magento OS command injection via the customer attribute save controller |
| CVE-2021-21016 | Critical | magento/community-edition: Magento OS command injection via the WebAPI |
| CVE-2020-24406 | Low | magento/community-edition: Magento information disclosure vulnerability |
