magento/project-community-edition vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2021-36027 | Medium | magento/project-community-edition: Magento stored cross-site scripting vulnerability |
| CVE-2021-36026 | Medium | magento/project-community-edition: Magento stored cross-site scripting vulnerability in the customer address upload feature |
| CVE-2021-39864 | Medium | magento/community-edition: Magento Open Source allows Cross-Site Request Forgery (CSRF) |
| CVE-2021-28567 | Medium | magento/community-edition: Magento Improper Authorization vulnerability in the customers module |
| CVE-2021-36012 | Medium | magento/project-community-edition: Magento affected by a business logic error in the placeOrder graphql mutation |
| CVE-2021-36022 | High | magento/project-community-edition: Magento XML Injection vulnerability in the Widgets Update Layout |
| CVE-2021-36020 | High | magento/project-community-edition: Magento XML Injection vulnerability in the 'City' field |
| CVE-2021-36025 | Critical | magento/project-community-edition: Magento is affected by an improper input validation vulnerability while saving a customer's details |
| CVE-2021-36024 | High | magento/project-community-edition: Magento is affected by an os command injection via the Data collection endpoint |
| CVE-2021-36029 | High | magento/project-community-edition: Magento improper authorization vulnerability |
| CVE-2021-36028 | Critical | magento/project-community-edition: Magento has an XML Injection vulnerability |
| CVE-2021-36032 | High | magento/project-community-edition: Magento is affected by an improper input validation vulnerability |
| CVE-2021-36030 | High | magento/project-community-edition: Magento allows attackers to alter the price of items |
| CVE-2021-36033 | Critical | magento/project-community-edition: Magento XML Injection vulnerability in the Widgets Module |
| CVE-2021-36031 | High | magento/project-community-edition: Magento Path Traversal vulnerability via the `theme[preview_image]` parameter |
| CVE-2021-36038 | Medium | magento/project-community-edition: Magento discloses sensitive information via the Multishipping Module |
| CVE-2021-36039 | Medium | magento/project-community-edition: Magento discloses sensitive information |
| CVE-2021-36040 | Critical | magento/project-community-edition: Magento has a file extension restrictions bypass |
| CVE-2021-36041 | High | magento/project-community-edition: Magento vulnerable to file upload attack |
| CVE-2021-36037 | Medium | magento/project-community-edition: Magento is affected by an improper authorization vulnerability |
| CVE-2021-36042 | Critical | magento/project-community-edition: Magento executes code via the API File Option Upload Extension |
| CVE-2021-36034 | High | magento/project-community-edition: Magento affected by remote code execution via a file upload |
| CVE-2021-36043 | High | magento/project-community-edition: Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension |
| CVE-2021-36044 | High | magento/project-community-edition: Magento affected by a server-side denial-of-service using a GraphQL field |
| CVE-2021-28556 | Medium | magento/community-edition: Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies |
