pkg:npm/@evershop/evershop

All known vulnerabilities

• CRITICAL9.8CVE-2023-46498Code execution in evershop
  from 0, < 1.0.0-rc.8
• HIGH8.3CVE-2023-46496Directory Traversal in evershop
  from 0, < 1.0.0-rc.8
• HIGH7.5CVE-2025-67419evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
  from 0, <= 2.1.0
• HIGH7.5CVE-2023-46942EverShop vulnerable to improper authorization in GraphQL endpoints
  from 0, < 1.0.0-rc.9
• HIGH7.4CVE-2023-46943EverShop at risk to unauthorized access via weak HMAC secret
  from 0, < 1.0.0-rc.9
• MEDIUM6.1CVE-2023-46495Cross-site Scripting in evershop
  from 0, < 1.0.0-rc.8
• MEDIUM6.1CVE-2023-46499Cross-site Scripting in evershop
  from 0, < 1.0.0-rc.5
• MEDIUM6.1CVE-2023-46494Cross Site Scripting in evershop
  from 0, < 1.0.0-rc.5
• MEDIUM5.4CVE-2023-46497Directory Traversal in evershop
  from 0, < 1.0.0-rc.8
• MEDIUM5.3CVE-2023-46493Directory Traversal in evershop
  from 0, < 1.0.0-rc.8
• LOW3.7CVE-2025-12919EverShop is vulnerable to Unauthorized Order Information Access (IDOR)
  from 0, <= 2.1.0
• —CVE-2025-67427evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
  from 0, <= 2.1.0