shopware/core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2021-37711 | High | shopware/platform: Authenticated server-side request forgery in file upload via URL. |
| GHSA-243Q-G9J3-QF6R | Medium | shopware/platform: non-admin users can create integration role with administrator role |
| GHSA-GPMH-G94G-QRHR | Medium | shopware/platform: Internal hidden fields are visible on to many associations in admin api |
| GHSA-VRF2-XGHR-J52V | High | shopware/platform: Private files publicly accessible with Cloud Storage providers |
| GHSA-G7W8-PP9W-7P32 | Low | shopware/platform: Creation of order credits was not validated by acl in admin orders |
| GHSA-WQ3R-JWRQ-XG6W | Medium | shopware/platform: Canceling of orders not related to the logged-in user |
| GHSA-88RC-3P98-RGVX | Critical | shopware/platform: After order payment process manipulation in shopware/platform and shopware/core |
| GHSA-QG7C-Q3VQ-RGXR | Critical | shopware/core: Leak of information via Store-API aggregations in shopware/platform and shopware/core |
| GHSA-8PFH-MM2G-HMC3 | Low | shopware/platform: Authenticated Server Side Request Forgery |
| GHSA-CQ6H-W3MC-57F4 | Low | shopware/platform: Information exposure via query strings in URL |
| GHSA-5Q58-X5H2-V5RX | Low | shopware/platform: Authenticated Privilege Escalation |
| GHSA-P68V-FRGX-4RJP | Low | shopware/platform: Denial of Service via Cache Flooding |
| GHSA-8XV9-QCR9-WW9J | Medium | shopware/platform: Authenticated XML External Entity Processing |
| GHSA-QVHR-55HG-3QWV | Low | shopware/platform: Non-persistent XSS in the Storefront in Shopware |
| GHSA-QVC5-CFRR-384V | Low | shopware/platform: RCE in Third Party Library in Shopware |
