shopware/platform vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2021-37709 | Medium | shopware/platform: Insecure direct object reference of log files of the Import/Export feature |
| CVE-2021-37708 | High | shopware/platform: Command injection in mail agent settings |
| CVE-2021-37707 | Medium | shopware/platform: Manipulation of product reviews via API |
| CVE-2021-37710 | High | shopware/core: Cross-Site Scripting via SVG media files |
| CVE-2021-37711 | High | shopware/platform: Authenticated server-side request forgery in file upload via URL. |
| CVE-2021-32709 | Medium | shopware/platform: Missing Authentication for Critical Function |
| GHSA-243Q-G9J3-QF6R | Medium | shopware/platform: non-admin users can create integration role with administrator role |
| GHSA-GPMH-G94G-QRHR | Medium | shopware/platform: Internal hidden fields are visible on to many associations in admin api |
| GHSA-VRF2-XGHR-J52V | High | shopware/platform: Private files publicly accessible with Cloud Storage providers |
| GHSA-G7W8-PP9W-7P32 | Low | shopware/platform: Creation of order credits was not validated by acl in admin orders |
| GHSA-WQ3R-JWRQ-XG6W | Medium | shopware/platform: Canceling of orders not related to the logged-in user |
| GHSA-88RC-3P98-RGVX | Critical | shopware/platform: After order payment process manipulation in shopware/platform and shopware/core |
| GHSA-QG7C-Q3VQ-RGXR | Critical | shopware/core: Leak of information via Store-API aggregations in shopware/platform and shopware/core |
| GHSA-PJJ4-JJGC-H3R8 | Medium | shopware/platform: Authenticated remote code execution |
| CVE-2021-32710 | Low | shopware/platform: Potential Session Hijacking |
| GHSA-F2VV-H5X4-57GR | Critical | shopware/platform: Leak of information via Store-API |
| GHSA-JVG4-9RC2-WVCR | Low | shopware/platform: Generation of fake documents via public GET-call |
| GHSA-8PFH-MM2G-HMC3 | Low | shopware/platform: Authenticated Server Side Request Forgery |
| GHSA-CQ6H-W3MC-57F4 | Low | shopware/platform: Information exposure via query strings in URL |
| GHSA-5Q58-X5H2-V5RX | Low | shopware/platform: Authenticated Privilege Escalation |
| GHSA-P68V-FRGX-4RJP | Low | shopware/platform: Denial of Service via Cache Flooding |
| GHSA-8XV9-QCR9-WW9J | Medium | shopware/platform: Authenticated XML External Entity Processing |
| GHSA-QVHR-55HG-3QWV | Low | shopware/platform: Non-persistent XSS in the Storefront in Shopware |
| GHSA-QVC5-CFRR-384V | Low | shopware/platform: RCE in Third Party Library in Shopware |
