shopware/shopware vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-23498Highshopware/shopware: Shopware Has Improper Control of Generation of Code in Twig rendered viewsCVE-2025-67648Highshopware/shopware: Shopware Storefront Reflected XSS in Storefront Login PageGHSA-9V82-VCJX-M76JHighshopware/shopware: Shopware: Reflective Cross Site-Scripting (XSS) in CMS componentsGHSA-83JV-4PRM-34G7Criticalshopware/shopware: Shopware Remote Code Execution VulnerabilityGHSA-7336-GHHP-F2QJCriticalshopware/shopware: Shopware Remote Code Execution VulnerabilityGHSA-JQR7-5H7R-CH8PMediumshopware/shopware: Shopware Non-Persistent XSS in the FrontendGHSA-Q3G4-2VW9-XV27Criticalshopware/shopware: Shopware Remote Code Execution VulnerabilityCVE-2023-34099Mediumshopware/shopware: Shopware improper mail validation vulnerabilityCVE-2023-34098Mediumshopware/shopware: Shopware dependency configuration exposedCVE-2022-48150Mediumshopware/shopware: Shopware vulnerable to cross-site scripting (XSS)CVE-2022-36101Mediumshopware/shopware: Shopware contains sensitive data in backend customer moduleCVE-2022-36102Mediumshopware/shopware: Shopware access control list bypassed via crafted specific URLsCVE-2022-31148Mediumshopware/shopware: Shopware vulnerable to persistent cross site scripting (XSS) in customer moduleCVE-2022-31057Mediumshopware/shopware: Authenticated Stored Cross-site Scripting in ShopwareCVE-2019-12935Mediumshopware/shopware: Shopware Cross-site Scripting VulnerabilityCVE-2019-12799Highshopware/shopware: Shopware Insecure Deserialization VulnerabilityCVE-2017-15374Mediumshopware/shopware: Shopware XSS VulnerabilityCVE-2016-3109Criticalshopware/shopware: Shopware RCE VulnerabilityCVE-2018-20713Highshopware/shopware: Shopware SQL InjectionCVE-2017-18357Mediumshopware/shopware: Shopware XXE VulnerabilityCVE-2022-24892Mediumshopware/shopware: Multiple valid tokens for password reset in ShopwareCVE-2022-24879Highshopware/shopware: Malfunction of CSRF token validation in ShopwareCVE-2022-24873Mediumshopware/shopware: Reflected Cross-site Scripting in Shopware storefrontCVE-2022-21651Mediumshopware/shopware: Open redirect in shopwareCVE-2022-21652Lowshopware/shopware: Insufficient Session Expiration in shopware

Stop the waste.
Protect your environment with Kodem.