CRITICAL 9.1 CVE-2025-54236 ⚠ KEV Magento Community Edition Improper Input Validation vulnerability
from 0, <= 2.0.2
CRITICAL 10.0 CVE-2022-35698 Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
from 0, <= 2.0.2
CRITICAL 9.8 Magento security mitigation bypass vulnerability
from 0, <= 2.0.2
CRITICAL 9.8 Magento business logic error vulnerability
from 0, <= 2.0.2
CRITICAL 9.8 Magento security mitigation bypass vulnerability
from 0, <= 2.0.2
CRITICAL 9.8 Magento command injection vulnerability
from 0, <= 2.0.2
CRITICAL 9.8 Magento command injection vulnerability
from 0, <= 2.0.2
CRITICAL 9.8 Magento Defense-in-depth security mitigation vulnerability
from 0, <= 2.0.2
CRITICAL 9.8 Magento Security mitigation bypass vulnerability
from 0, <= 2.0.2
CRITICAL 9.8 Magento command injection vulnerability
from 0, <= 2.0.2
CRITICAL 9.8 Magento command injection vulnerability
from 0, <= 2.0.2
CRITICAL 9.6 Magento DOM-based Cross-site scripting vulnerability
from 0, <= 2.0.2
CRITICAL 9.1 Improper Authorization vulnerability in Magento and Adobe Commerce
from 0, <= 2.0.2
CRITICAL 9.1 Magento Open Source allows Cross-Site Scripting (XSS)
from 0, <= 2.0.2
CRITICAL 9.1 Magento Open Source allows OS Command Injection
from 0, <= 2.0.2
CRITICAL 9.1 Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution
from 0, <= 2.0.2
CRITICAL 9.1 Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution
from 0, <= 2.0.2
CRITICAL 9.1 Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution
from 0, <= 2.0.2
CRITICAL 9.1 Magento Open Source allows Improper Neutralization of Special Elements Used
from 0, <= 2.0.2
CRITICAL 9.1 Magento Open Source allows Improper Neutralization of Special Elements Used
from 0, <= 2.0.2
CRITICAL 9.1 Magento is affected by an improper input validation vulnerability while saving a customer's details
from 0, <= 2.0.2
CRITICAL 9.1 Magento has a file extension restrictions bypass
from 0, <= 2.0.2
CRITICAL 9.1 Magento executes code via the API File Option Upload Extension
from 0, <= 2.0.2
CRITICAL 9.1 Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution
from 0, <= 2.0.2
CRITICAL 9.1 Magento Commerce XML Injection Could Lead To Arbitrary Code Execution
from 0, <= 2.0.2
CRITICAL 9.1 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
from 0, <= 2.0.2
CRITICAL 9.1 Arbitrary code execution via file import functionality
from 0, <= 2.0.2
CRITICAL 9.0 Magento Open Source allows Improper Input Validation
from 0, <= 2.0.2
HIGH 8.8 Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
HIGH 8.8 Magento is affected by an improper input validation vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Cross-site Scripting vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento stored Cross-Site Scripting (XSS) vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH 8.7 Magento Open Source allows Cross-Site Scripting (XSS)
from 0, <= 2.0.2
HIGH 8.4 Magento OS Command ('OS Command Injection') vulnerability
from 0, <= 2.0.2
HIGH 8.4 Magento OS Command ('OS Command Injection') vulnerability
from 0, <= 2.0.2
HIGH 8.2 Magento Improper Authorization leading to security feature bypass
from 0, <= 2.0.2
HIGH 8.2 Adobe Commerce Improper Authorization vulnerability
from 0, <= 2.0.2
HIGH 8.1 Magento provides incorrect authorization through a security feature bypass
from 0, <= 2.0.2
HIGH 8.1 Magento vulnerable to stored Cross-Site Scripting (XSS)
from 0, <= 2.0.2
HIGH 8.1 Magento Cross-Site Request Forgery (CSRF) vulnerability
from 0, <= 2.0.2
HIGH 8.1 Magento Improper Access Control vulnerability
from 0, <= 2.0.2
HIGH 8.1 Magento DOM-based Cross-Site Scripting (XSS) vulnerability
from 0, <= 2.0.2
HIGH 8.1 Magento Open Source allows Cross-Site Scripting (XSS)
from 0, <= 2.0.2
HIGH 8.1 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution
from 0, <= 2.0.2
HIGH 8.0 Magento Open Source allows SQL Injection
from 0, <= 2.0.2
HIGH 8.0 Magento Open Source allows SQL Injection
from 0, <= 2.0.2
HIGH 8.0 Magento Open Source allows SQL Injection
from 0, <= 2.0.2
HIGH 8.0 Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension
from 0, <= 2.0.2
HIGH 7.7 Magento Path Traversal vulnerability
from 0, <= 2.0.2
HIGH 7.6 Magento Stored Cross-Site Scripting (XSS) vulnerability
from 0, <= 2.0.2
HIGH 7.5 Magento has incorrect authorization issue that leads to arbitrary file system read
from 0, <= 2.0.2
HIGH 7.5 Magento vulnerable to denial of service
from 0, <= 2.0.2
HIGH 7.5 Adobe Commerce Path Traversal
from 0, <= 2.0.2
HIGH 7.5 Magento Open Source allows Improper Authorization
from 0, <= 2.0.2
HIGH 7.5 Magento Open Source affected by Improper Input Validation
from 0, <= 2.0.2
HIGH 7.5 Magento Open Source allows XML Injection
from 0, <= 2.0.2
HIGH 7.5 Magento affected by a server-side denial-of-service using a GraphQL field
from 0, <= 2.0.2
HIGH 7.5 Magento Commerce insecure storage of sensitive documentation
from 0, <= 2.0.2
HIGH 7.5 Magento authorization bypass vulnerability
from 0, <= 2.0.2
HIGH 7.5 Unauthenticated crypto and weak IV in Magento\Framework\Encryption
>= 2.0, <= 2.0.2
HIGH 7.4 Magento does not properly restrict excessive authentication attempts
from 0, <= 2.0.2
HIGH 7.2 Magento Open Source affected by Improper Input Validation
from 0, <= 2.0.2
HIGH 7.2 Magento XML Injection vulnerability in the Widgets Update Layout
from 0, <= 2.0.2
HIGH 7.2 Magento improper authorization vulnerability
from 0, <= 2.0.2
HIGH 7.2 Magento is affected by an os command injection via the Data collection endpoint
from 0, <= 2.0.2
HIGH 7.2 Magento affected by remote code execution via a file upload
from 0, <= 2.0.2
HIGH 7.2 Magento vulnerable to file upload attack
from 0, <= 2.0.2
HIGH 7.2 Magento Signature verification bypass
from 0, <= 2.0.2
HIGH 7.2 Magento 2 Community Edition RCE Vulnerability
from 0, < 1.9.4.3
MEDIUM 6.9 Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution
from 0, <= 2.0.2
MEDIUM 6.8 Magento Open Source allows Server-Side Request Forgery (SSRF)
from 0, <= 2.0.2
MEDIUM 6.5 Magento vulnerable to privilege escalation due to incorrect authorization
from 0, <= 2.0.2
MEDIUM 6.5 Magento Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM 6.5 Magento Information Exposure vulnerability
from 0, <= 2.0.2
MEDIUM 6.5 Magento Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM 6.5 Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
MEDIUM 6.5 Magento Open Source allows XML Injection
from 0, <= 2.0.2
MEDIUM 6.5 Magento Open Source allows Cross-Site Request Forgery (CSRF)
from 0, <= 2.0.2
MEDIUM 6.5 Magento affected by a business logic error in the placeOrder graphql mutation
from 0, <= 2.0.2
MEDIUM 6.5 Magento discloses sensitive information
from 0, <= 2.0.2
MEDIUM 6.5 Magento discloses sensitive information via the Multishipping Module
from 0, <= 2.0.2
MEDIUM 6.5 Magento is affected by an improper authorization vulnerability
from 0, <= 2.0.2
MEDIUM 6.5 Incorrect permissions following the deletion of a user role or deactivation of a user
from 0, <= 2.0.2
MEDIUM 6.5 Magento path traversal vulnerability
from 0, <= 2.0.2
MEDIUM 6.1 Magento stored cross-site scripting vulnerability
from 0, <= 2.0.2
MEDIUM 6.1 Magento stored cross-site scripting vulnerability
from 0, <= 2.0.2
MEDIUM 5.9 Magento allows incorrect authorization
from 0, <= 2.0.2
MEDIUM 5.9 Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
from 0, <= 2.0.2
MEDIUM 5.6 Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
from 0, <= 2.0.2
MEDIUM 5.6 Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
from 0, <= 2.0.2
MEDIUM 5.4 Magento stored Cross-Site Scripting (XSS) vulnerability
from 0, <= 2.0.2
MEDIUM 5.4 Magento Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM 5.4 Magento Improper Authorization vulnerability
from 0, <= 2.0.2