sylius/sylius vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE ID | Severity | Package summary |
|---|---|---|
| CVE-2026-31825 | Medium | sylius/sylius: Sylius has a DQL Injection via API Order Filters |
| CVE-2026-31824 | High | sylius/sylius: Sylius has a Promotion Usage Limit Bypass via Race Condition |
| CVE-2026-31823 | Medium | sylius/sylius: Sylius Vulnerable to Authenticated Stored XSS |
| CVE-2026-31822 | Medium | sylius/sylius: Sylius has a XSS vulnerability in checkout login form |
| CVE-2026-31821 | Medium | sylius/sylius: Sylius is Missing Authorization in API v2 Add Item Endpoint |
| CVE-2026-31820 | High | sylius/sylius: Sylius affected by IDOR in Cart and Checkout LiveComponents |
| CVE-2026-31819 | Medium | sylius/sylius: Sylius has an Open Redirect via Referer Header |
| CVE-2021-3841 | Medium | sylius/sylius: Cross site scripting in sylius/sylius |
| CVE-2024-40633 | High | sylius/sylius: Sylius has a security vulnerability via adjustments API endpoint |
| CVE-2024-29376 | Medium | sylius/sylius: Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout… |
| CVE-2024-34349 | Medium | sylius/sylius: Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options,… |
| CVE-2022-24749 | Medium | Sylius/Sylius: Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius |
| CVE-2022-24743 | High | sylius/sylius: Insufficient Session Expiration in Sylius |
| CVE-2022-24742 | Medium | sylius/sylius: Sensitive Information Exposure in Sylius |
| CVE-2022-24733 | Medium | sylius/sylius: Improper Restriction of Rendered UI Layers or Frames in Sylius |
| CVE-2021-32720 | Medium | sylius/sylius: List of order ids, number, items total and token value exposed for unauthorized uses via new API |
| CVE-2020-15245 | Medium | sylius/sylius: Ability to switch customer email address on account detail page and stay verified |
| CVE-2019-12186 | Medium | sylius/grid: XSS injection in the Grid component of Sylius |
| CVE-2020-5218 | Low | sylius/sylius: Ability to switch channels via GET parameter enabled in production environments |
| CVE-2020-5220 | Medium | sylius/resource-bundle: Ability to expose data in Sylius by using an unintended serialisation group |
| CVE-2019-16768 | Low | sylius/sylius: Internal exception message exposure for login action in Sylius |
