pkg:RubyGems/spree_api

3 total CVEs: HIGH 1, MEDIUM 1

All known vulnerabilities

  • HIGH 7.7, CVE-2020-26223: Authorization bypass in Spree
    >= 3.7.0, < 3.7.13
  • MEDIUM 6.5, CVE-2026-22588: Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification
    >= 3.7.0, < 4.10.2
  • CVE-2026-25758: Unauthenticated Spree Commerce users can access all guest addresses
    from 0, < 4.10.3