pkg:npm/@vendure/core
2 total CVEs | CRITICAL: 1
All known vulnerabilities
CRITICAL 9.1 | CVE-2026-40887 | @vendure/core has a SQL Injection vulnerability | >= 3.0.0, < 3.5.7
— | CVE-2026-25050 | Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy | from 0, < 3.5.3