shopware/platform vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.


Browse by ecosystem

npm, PyPI, Maven, Go, RubyGems, Cargo, NuGet, Composer, pub, Swift, GitHub Actions
CVE-ID | Severity | Package summary
CVE-2024-42355 | High | shopware/core: Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
CVE-2024-42354 | Medium | shopware/core: Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
CVE-2024-31447 | Medium | shopware/core: Shopware Improper Session Handling in store-api account logout
CVE-2024-27917 | High | shopware/storefront: Shopware's session is persistent in Cache for 404 pages
CVE-2024-22407 | Medium | shopware/core: Broken Access Control order API in Shopware
CVE-2024-22406 | Critical | shopware/core: Blind SQL injection in shopware
CVE-2023-2017 | High | shopware/platform: Shopware Has Improper Control of Generation of Code in Twig rendered views
CVE-2023-22734 | Medium | shopware/platform: Shopware has Improper Input Validation issue in newsletter subscription
CVE-2023-22732 | Low | shopware/platform: Shopware has Insufficient Session Expiration in Administration
CVE-2023-22733 | Low | shopware/platform: Shopware's log module vulnerable to Improper Output Neutralization
CVE-2023-22731 | Critical | shopware/platform: Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
CVE-2023-22730 | Medium | shopware/platform: Shopware vulnerable to Improper Input Validation of Clearance sale in cart
CVE-2020-13997 | High | shopware/core: Shopware database password is leaked to an unauthenticated users
CVE-2020-13971 | Medium | shopware/platform: Shopware vulnerable to Cross-site Scripting
CVE-2020-13970 | High | shopware/platform: Shopware vulnerable to SSRF
CVE-2022-24872 | High | shopware/platform: Improper Access Control in Shopware
CVE-2022-24871 | High | shopware/platform: Server-Side Request Forgery (SSRF) in Shopware
CVE-2022-24747 | Medium | shopware/platform: HTTP caching is marking private HTTP headers as public in Shopware
CVE-2022-24746 | Medium | shopware/platform: HTML injection possibility in voucher code form in Shopware
CVE-2022-24744 | Low | shopware/platform: Shopware user session is not logged out if the password is reset via password recovery
CVE-2022-24745 | Medium | shopware/platform: Shopware guest session is shared between customers
GHSA-R64M-QCHJ-HRJP | Critical | shopware/core: Webcache Poisoning in shopware/platform and shopware/core
CVE-2021-32717 | High | shopware/platform: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-32716 | Medium | shopware/platform: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-32711 | Critical | shopware/platform: Exposure of Sensitive Information to an Unauthorized Actor
