pkg:Packagist/magento/community-edition

All known vulnerabilities

• CRITICAL9.8CVE-2024-34102⚠ KEVMagento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
• CRITICAL9.8CVE-2022-24086⚠ KEVMagento improper input validation vulnerability
  >= 2.3.3-p1, < 2.3.7-p3
• CRITICAL9.1CVE-2025-54236⚠ KEVMagento Community Edition Improper Input Validation vulnerability
  from 0, <= 2.4.5-p14
• CRITICAL10.0Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
• CRITICAL9.8Magento Broken authentication and session managememt
  >= 2.2, < 2.2.10
• CRITICAL9.8Magento 2 Community Edition SQLi Vulnerability
  >= 2.1.0, < 2.1.18
• CRITICAL9.8Magento security mitigation bypass vulnerability
  from 0, <= 2.2.11
• CRITICAL9.8Magento business logic error vulnerability
  from 0, <= 2.2.11
• CRITICAL9.8Magento security mitigation bypass vulnerability
  >= 2.3.0, < 2.3.4-p2
• CRITICAL9.8Magento command injection vulnerability
  >= 2.3.0, < 2.3.4-p2
• CRITICAL9.8Magento command injection vulnerability
  from 0, <= 2.2.11
• CRITICAL9.8Magento Defense-in-depth security mitigation vulnerability
  from 0, <= 2.2.11
• CRITICAL9.8Magento Security mitigation bypass vulnerability
  from 0, <= 2.2.11
• CRITICAL9.8Magento command injection vulnerability
  >= 2.3.0, < 2.3.4-p2
• CRITICAL9.8Magento Security mitigation bypass vulnerability
  from 0, <= 2.2.11
• CRITICAL9.8Magento command injection vulnerability
  from 0, <= 2.2.11
• CRITICAL9.8Magento security bypass vulnerability
  >= 2.3.0, < 2.3.4
• CRITICAL9.8Magento deserialization vulnerability
  >= 2.2.0, < 2.2.11
• CRITICAL9.8Magento 2 Community Edition XML Injection
  >= 2.2.0, < 2.2.10
• CRITICAL9.8Magento 2 Community Edition RCE Vulnerability
  >= 2.3, < 2.3.2-p1
• CRITICAL9.8Magento 2 Community Edition Insecure Component
  >= 2.2.0, < 2.2.10
• CRITICAL9.8Remote code execution via vulnerable Symphony dependecy injection
  >= 2.2, < 2.2.10
• CRITICAL9.6Magento DOM-based Cross-site scripting vulnerability
  from 0, < 2.3.5-p2
• CRITICAL9.1Magneto contains stored XSS vulnerability
  >= 2.4.8-beta1, < 2.4.8-p1
• CRITICAL9.1Improper Authorization vulnerability in Magento and Adobe Commerce
  >= 2.4.8-beta1, < 2.4.8-beta2
• CRITICAL9.1Magento Open Source allows OS Command Injection
• CRITICAL9.1Magento Open Source allows Cross-Site Scripting (XSS)
• CRITICAL9.1Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution
  from 0, < 2.3.7-p1
• CRITICAL9.1Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution
  from 0, < 2.3.7-p1
• CRITICAL9.1Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution
  from 0, < 2.3.7-p1
• CRITICAL9.1Magento Open Source allows Improper Neutralization of Special Elements Used
• CRITICAL9.1Magento Open Source allows Improper Neutralization of Special Elements Used
• CRITICAL9.1Magento XML Injection vulnerability in the Widgets Module
  from 0, < 2.3.7-p4
• CRITICAL9.1Magento is affected by an improper input validation vulnerability while saving a customer's details
  from 0, < 2.3.7-p1
• CRITICAL9.1Magento executes code via the API File Option Upload Extension
• CRITICAL9.1Magento has a file extension restrictions bypass
• CRITICAL9.1Magento Commerce XML Injection Could Lead To Remote Code Execution
  from 0, < 2.3.6-p1
• CRITICAL9.1Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access
  from 0, < 2.3.6-p1
• CRITICAL9.1Magento Commerce XML Injection Could Lead To Arbitrary Code Execution
  from 0, < 2.3.6-p1
• CRITICAL9.1Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution
  from 0, < 2.3.6-p1
• CRITICAL9.1Magnto Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution
  from 0, < 2.3.6
• CRITICAL9.1Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
  from 0, < 2.3.6-p1
• CRITICAL9.1Arbitrary code execution via file import functionality
  from 0, < 2.4.1
• CRITICAL9.0Magento Open Source allows Improper Input Validation
• HIGH8.8Magento Open Source allows Incorrect Authorization
  >= 2.4.7-beta1, < 2.4.7-beta2
• HIGH8.8[CVE-2021-36032] Magento IDOR Leads to Account Takeover
  from 0, < 2.3.7-p4
• HIGH8.8Magento Improper Access Control vulnerability
  >= 2.3.0, < 2.3.7-p4
• HIGH8.8Magento remote code execution vulnerability
  >= 2.2.0, < 2.2.10
• HIGH8.8Magento is affected by an improper input validation vulnerability
  from 0, < 2.3.7-p1
• HIGH8.8Magento 2 Community Edition RCE Vulnerability
  >= 2.2.0, < 2.2.10
• HIGH8.8Magento 2 Community Edition RCE Vulnerability
  >= 2.2, < 2.2.10
• HIGH8.8Magento SQL injection via marketing account with access to email templates variables
  >= 2.2, < 2.2.10
• HIGH8.8Magento 2 Community Edition RCE Vulnerability
  >= 2.2.0, < 2.2.10
• HIGH8.8Magento 2 Community Edition RCE Vulnerability
  >= 2.1.0, < 2.1.19
• HIGH8.8Magento SQL injection vulnerability
  >= 2.2.0, < 2.2.10
• HIGH8.8Magento 2 Community Edition SQLi Vulnerability
  >= 2.2.0, < 2.2.10
• HIGH8.8Magento Information Disclosure via File upload functionality
  >= 2.2, < 2.2.10
• HIGH8.8Magento 2 Community Edition RCE Vulnerability
  >= 2.2.0, < 2.2.10
• HIGH8.8Magento 2 Community Edition RCE Vulnerability
  >= 2.2.0, < 2.2.10
• HIGH8.8Magento 2 Community Edition RCE Vulnerability
  >= 2.1, < 2.1.18
• HIGH8.8Magento 2 Community Edition Unsafe File Upload
  >= 2.1.0, < 2.1.18
• HIGH8.8Magento 2 Community Edition RCE Vulnerability
  >= 2.1, < 2.1.18
• HIGH8.8Magento 2 Community Edition CSRF Vulnerability
  >= 2.1.0, < 2.1.18
• HIGH8.7Magento Cross-site Scripting vulnerability
  from 0, < 2.4.4-p15
• HIGH8.7Magento stored Cross-Site Scripting (XSS) vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.7Magento Stored Cross-Site Scripting (XSS) Vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.7Magento Stored Cross-Site Scripting (XSS) Vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.7Magento Stored Cross-Site Scripting (XSS) Vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.7Magento Stored Cross-Site Scripting (XSS) Vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.7Magento Stored Cross-Site Scripting (XSS) Vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.7Magento Stored Cross-Site Scripting (XSS) Vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.7Magento Stored Cross-Site Scripting (XSS) Vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.7Magento Open Source allows Cross-Site Scripting (XSS)
  >= 2.4.7-beta1, < 2.4.7-beta2
• HIGH8.5Magento Path Traversal vulnerability
  >= 2.3.0, < 2.3.7-p4
• HIGH8.4Magento OS Command ('OS Command Injection') vulnerability
  >= 2.4.7-beta1, < 2.4.7-p2
• HIGH8.4Magento OS Command ('OS Command Injection') vulnerability
  >= 2.4.7-beta1, < 2.4.7-p2
• HIGH8.2Magento Improper Authorization leading to security feature bypass
  >= 2.4.7-beta1, < 2.4.7-p6
• HIGH8.2Adobe Commerce Improper Authorization vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.2Magento Open Source Improper Authorization vulnerability
• HIGH8.1Magento vulnerable to stored Cross-Site Scripting (XSS)
  >= 2.4.9-alpha1, < 2.4.9-alpha3
• HIGH8.1Magento provides incorrect authorization through a security feature bypass
  >= 2.4.9-alpha1, < 2.4.9-alpha3
• HIGH8.1Magento Cross-Site Request Forgery (CSRF) vulnerability
  >= 2.4.9-alpha1, < 2.4.9-alpha2
• HIGH8.1Magento Improper Access Control vulnerability
  >= 2.4.7-beta1, < 2.4.7-p4
• HIGH8.1Magento Open Source Cross-Site Scripting (XSS) vulnerability
  >= 2.4.7-beta1, < 2.4.7-p3
• HIGH8.1Magento DOM-based Cross-Site Scripting (XSS) vulnerability
  >= 2.4.7-beta1, < 2.4.7-p2
• HIGH8.1Magento Open Source Improper Authentication vulnerability
• HIGH8.1Magento Open Source allows Cross-Site Scripting (XSS)
• HIGH8.1Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution
  from 0, < 2.3.6
• HIGH8.0Magento Open Source allows SQL Injection
  >= 2.4.7-beta1, < 2.4.7-beta2
• HIGH8.0Magento Open Source allows SQL Injection
  >= 2.4.7-beta1, < 2.4.7-beta2
• HIGH8.0Magento Open Source allows SQL Injection
  >= 2.4.7-beta1, < 2.4.7-beta2
• HIGH8.0Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension
  from 0, < 2.3.7-p1
• HIGH8.0Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
  from 0, < 2.3.6-p1
• HIGH8.0Magento 2 Community Edition RCE Vulnerability via CSRF
  >= 2.2.0, < 2.2.10
• HIGH7.7Magento Path Traversal vulnerability
  >= 2.4.7-beta1, < 2.4.7-p2
• HIGH7.6Magento Open Source Improper Input Validation vulnerability
  >= 2.4.7-beta1, < 2.4.7-p3
• HIGH7.6Magento Stored Cross-Site Scripting (XSS) vulnerability
  >= 2.4.7-beta1, < 2.4.7-p2
• HIGH7.5Magento has incorrect authorization issue that leads to arbitrary file system read
  >= 2.4.9-alpha1, < 2.4.9-alpha2
• HIGH7.5Magento vulnerable to denial of service
  >= 2.4.9-alpha1, < 2.4.9-alpha2
• HIGH7.5Adobe Commerce Path Traversal
  >= 2.4.7-beta1, < 2.4.7-p4