shopware/core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2024-42357 | Medium | shopware/core: Shopware vulnerable to blind SQL-injection in DAL aggregations |
| CVE-2024-42356 | High | shopware/core: Shopware vulnerable to Server Side Template Injection in Twig using Context functions |
| CVE-2024-42355 | High | shopware/core: Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag |
| CVE-2024-42354 | Medium | shopware/core: Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api |
| CVE-2024-31447 | Medium | shopware/core: Shopware Improper Session Handling in store-api account logout |
| CVE-2024-22407 | Medium | shopware/core: Broken Access Control order API in Shopware |
| CVE-2024-22406 | Critical | shopware/core: Blind SQL injection in shopware |
| CVE-2023-2017 | High | shopware/platform: Shopware Has Improper Control of Generation of Code in Twig rendered views |
| CVE-2023-22734 | Medium | shopware/platform: Shopware has Improper Input Validation issue in newsletter subscription |
| CVE-2023-22732 | Low | shopware/platform: Shopware has Insufficient Session Expiration in Administration |
| CVE-2023-22733 | Low | shopware/platform: Shopware's log module vulnerable to Improper Output Neutralization |
| CVE-2023-22731 | Critical | shopware/platform: Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views |
| CVE-2023-22730 | Medium | shopware/platform: Shopware vulnerable to Improper Input Validation of Clearance sale in cart |
| CVE-2020-13997 | High | shopware/core: Shopware database password is leaked to an unauthenticated users |
| CVE-2022-24872 | High | shopware/platform: Improper Access Control in Shopware |
| CVE-2022-24871 | High | shopware/platform: Server-Side Request Forgery (SSRF) in Shopware |
| CVE-2022-24748 | Medium | shopware/core: Incorrect Authentication in shopware |
| CVE-2022-24747 | Medium | shopware/platform: HTTP caching is marking private HTTP headers as public in Shopware |
| CVE-2022-24746 | Medium | shopware/platform: HTML injection possibility in voucher code form in Shopware |
| CVE-2022-24744 | Low | shopware/platform: Shopware user session is not logged out if the password is reset via password recovery |
| GHSA-R64M-QCHJ-HRJP | Critical | shopware/core: Webcache Poisoning in shopware/platform and shopware/core |
| CVE-2021-37709 | Medium | shopware/platform: Insecure direct object reference of log files of the Import/Export feature |
| CVE-2021-37708 | High | shopware/platform: Command injection in mail agent settings |
| CVE-2021-37707 | Medium | shopware/platform: Manipulation of product reviews via API |
| CVE-2021-37710 | High | shopware/core: Cross-Site Scripting via SVG media files |
