shopware/platform vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-48013 | Medium | shopware/core: Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation |
| CVE-2026-48015 | Medium | shopware/core: Shopware: Stored XSS via SVG file upload — no SVG sanitization |
| CVE-2026-48016 | Medium | shopware/platform: Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment |
| CVE-2026-48014 | Medium | shopware/platform: Shopware: Admin API ACL Bypass in Order State Transition Endpoints |
| CVE-2026-48012 | Medium | shopware/core: Shopware SSO referer trust leading to an arbitrary redirect target |
| CVE-2026-48011 | Low | shopware/platform: Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames |
| CVE-2026-48010 | Medium | shopware/platform: Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts |
| CVE-2026-48009 | Medium | shopware/platform: Shopware: Admin Account Takeover via User Recovery Hash Exposure |
| CVE-2026-48008 | Medium | shopware/platform: Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass |
| CVE-2026-31889 | High | shopware/platform: Shopware vulnerable to a potential take over of app credentials |
| CVE-2026-31888 | Medium | shopware/platform: Shopware has user enumeration via distinct error codes on Store API login endpoint |
| CVE-2026-31887 | High | shopware/core: Shopware: Unauthenticated data extraction possible through store-api.order endpoint |
| GHSA-R2VG-HVJM-FG38 | Medium | shopware/platform: Shopware Customer Orders can be canceled, even if refunds are disabled |
| GHSA-27C9-VP3W-6WW8 | Medium | shopware/platform: Shopware exposes sensitive user information via CSV export mapping |
| GHSA-3CPP-FV95-MPR5 | Low | shopware/platform: Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice |
| GHSA-6WH5-MW9H-5C3W | Low | shopware/platform: Shopware vulnerable to path traversal via Plugin upload |
| GHSA-M895-2HJ3-8CG9 | Medium | shopware/platform: Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by… |
| CVE-2025-7954 | Medium | shopware/platform: Shopware race condition bypasses voucher restrictions |
| CVE-2025-32378 | Low | shopware/core: Shopware default newsletter opt-in settings allow for mass sign-up abuse |
| GHSA-68WV-G3FW-PQ7Q | Medium | shopware/core: Shopware Broken ACL on Document retrieval to access other customers documents |
| CVE-2025-27892 | High | shopware/core: Shopware Vulnerable to Blind SQL-injection in DAL aggregations |
| CVE-2025-30151 | High | shopware/core: Shopware allows Denial Of Service via password length |
| CVE-2025-30150 | Medium | shopware/core: Shopware 6 allows attackers to check for registered accounts through the store-api |
| CVE-2024-42357 | Medium | shopware/core: Shopware vulnerable to blind SQL-injection in DAL aggregations |
| CVE-2024-42356 | High | shopware/core: Shopware vulnerable to Server Side Template Injection in Twig using Context functions |