pkg:Packagist/magento/community-edition

共 353 筆 CVECRITICAL44HIGH104MEDIUM183LOW14

✅ 檢查你的版本

所有已知漏洞

CRITICAL9.8CVE-2024-34102⚠ KEVMagento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
CRITICAL9.8CVE-2022-24086⚠ KEVMagento improper input validation vulnerability
>= 2.3.3-p1, < 2.3.7-p3
CRITICAL9.1CVE-2025-54236⚠ KEVMagento Community Edition Improper Input Validation vulnerability
from 0, <= 2.4.5-p14
CRITICAL10.0CVE-2022-35698Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
CRITICAL9.8CVE-2019-8149Magento Broken authentication and session managememt
>= 2.2, < 2.2.10
CRITICAL9.8CVE-2019-7139Magento 2 Community Edition SQLi Vulnerability
>= 2.1.0, < 2.1.18
CRITICAL9.8CVE-2020-9630Magento business logic error vulnerability
from 0, <= 2.2.11
CRITICAL9.8CVE-2020-9632Magento security mitigation bypass vulnerability
from 0, <= 2.2.11
CRITICAL9.8CVE-2020-9631Magento security mitigation bypass vulnerability
>= 2.3.0, < 2.3.4-p2
CRITICAL9.8CVE-2020-9583Magento command injection vulnerability
from 0, <= 2.2.11
CRITICAL9.8CVE-2020-9582Magento command injection vulnerability
>= 2.3.0, < 2.3.4-p2
CRITICAL9.8CVE-2020-9585Magento Defense-in-depth security mitigation vulnerability
from 0, <= 2.2.11
CRITICAL9.8CVE-2020-9578Magento command injection vulnerability
from 0, <= 2.2.11
CRITICAL9.8CVE-2020-9576Magento command injection vulnerability
>= 2.3.0, < 2.3.4-p2
CRITICAL9.8CVE-2020-9580Magento Security mitigation bypass vulnerability
from 0, <= 2.2.11
CRITICAL9.8CVE-2020-9579Magento Security mitigation bypass vulnerability
from 0, <= 2.2.11
CRITICAL9.8CVE-2020-3716Magento deserialization vulnerability
>= 2.2.0, < 2.2.11
CRITICAL9.8CVE-2020-3718Magento security bypass vulnerability
>= 2.3.0, < 2.3.4
CRITICAL9.8CVE-2019-8158Magento 2 Community Edition XML Injection
>= 2.2.0, < 2.2.10
CRITICAL9.8CVE-2019-8144Magento 2 Community Edition RCE Vulnerability
>= 2.3, < 2.3.2-p1
CRITICAL9.8CVE-2019-8136Magento 2 Community Edition Insecure Component
>= 2.2.0, < 2.2.10
CRITICAL9.8CVE-2019-8135Remote code execution via vulnerable Symphony dependecy injection
>= 2.2, < 2.2.10
CRITICAL9.6CVE-2020-9691Magento DOM-based Cross-site scripting vulnerability
from 0, < 2.3.5-p2
CRITICAL9.1CVE-2025-47110Magneto contains stored XSS vulnerability
>= 2.4.8-beta1, < 2.4.8-p1
CRITICAL9.1CVE-2025-24434Improper Authorization vulnerability in Magento and Adobe Commerce
>= 2.4.8-beta1, < 2.4.8-beta2
CRITICAL9.1CVE-2024-20720Magento Open Source allows OS Command Injection
CRITICAL9.1CVE-2024-20719Magento Open Source allows Cross-Site Scripting (XSS)
CRITICAL9.1CVE-2021-36021Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution
from 0, < 2.3.7-p1
CRITICAL9.1CVE-2021-36036Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution
from 0, < 2.3.7-p1
CRITICAL9.1CVE-2021-36023Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution
from 0, < 2.3.7-p1
CRITICAL9.1CVE-2023-38208Magento Open Source allows Improper Neutralization of Special Elements Used
CRITICAL9.1CVE-2023-29297Magento Open Source allows Improper Neutralization of Special Elements Used
CRITICAL9.1CVE-2022-34253Magento XML Injection vulnerability in the Widgets Module
from 0, < 2.3.7-p4
CRITICAL9.1CVE-2021-36025Magento is affected by an improper input validation vulnerability while saving a customer's details
from 0, < 2.3.7-p1
CRITICAL9.1CVE-2021-36042Magento executes code via the API File Option Upload Extension
CRITICAL9.1CVE-2021-36040Magento has a file extension restrictions bypass
CRITICAL9.1CVE-2021-21024Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access
from 0, < 2.3.6-p1
CRITICAL9.1CVE-2021-21019Magento Commerce XML Injection Could Lead To Remote Code Execution
from 0, < 2.3.6-p1
CRITICAL9.1CVE-2021-21014Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution
from 0, < 2.3.6-p1
CRITICAL9.1CVE-2021-21025Magento Commerce XML Injection Could Lead To Arbitrary Code Execution
from 0, < 2.3.6-p1
CRITICAL9.1CVE-2021-21018Magnto Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution
from 0, < 2.3.6
CRITICAL9.1CVE-2021-21016Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
from 0, < 2.3.6-p1
CRITICAL9.1CVE-2020-24407Arbitrary code execution via file import functionality
from 0, < 2.4.1
CRITICAL9.0CVE-2024-20758Magento Open Source allows Improper Input Validation
HIGH8.8CVE-2023-38218Magento Open Source allows Incorrect Authorization
>= 2.4.7-beta1, < 2.4.7-beta2
HIGH8.8CVE-2022-42344[CVE-2021-36032] Magento IDOR Leads to Account Takeover
from 0, < 2.3.7-p4
HIGH8.8CVE-2022-34255Magento Improper Access Control vulnerability
>= 2.3.0, < 2.3.7-p4
HIGH8.8CVE-2019-8154Magento remote code execution vulnerability
>= 2.2.0, < 2.2.10
HIGH8.8CVE-2021-36032Magento is affected by an improper input validation vulnerability
from 0, < 2.3.7-p1
HIGH8.8CVE-2019-8150Magento 2 Community Edition RCE Vulnerability
>= 2.2.0, < 2.2.10
HIGH8.8CVE-2019-8159Magento 2 Community Edition RCE Vulnerability
>= 2.2, < 2.2.10
HIGH8.8CVE-2019-8137Magento 2 Community Edition RCE Vulnerability
>= 2.2.0, < 2.2.10
HIGH8.8CVE-2019-8134Magento SQL injection via marketing account with access to email templates variables
>= 2.2, < 2.2.10
HIGH8.8CVE-2019-8122Magento 2 Community Edition RCE Vulnerability
>= 2.1.0, < 2.1.19
HIGH8.8CVE-2019-8130Magento SQL injection vulnerability
>= 2.2.0, < 2.2.10
HIGH8.8CVE-2019-8127Magento 2 Community Edition SQLi Vulnerability
>= 2.2.0, < 2.2.10
HIGH8.8CVE-2019-8111Magento 2 Community Edition RCE Vulnerability
>= 2.2.0, < 2.2.10
HIGH8.8CVE-2019-8110Magento 2 Community Edition RCE Vulnerability
>= 2.2.0, < 2.2.10
HIGH8.8CVE-2019-8093Magento Information Disclosure via File upload functionality
>= 2.2, < 2.2.10
HIGH8.8CVE-2019-7885Magento 2 Community Edition RCE Vulnerability
>= 2.1, < 2.1.18
HIGH8.8CVE-2019-7871Magento 2 Community Edition Unsafe File Upload
>= 2.1.0, < 2.1.18
HIGH8.8CVE-2019-7876Magento 2 Community Edition RCE Vulnerability
>= 2.1, < 2.1.18
HIGH8.8CVE-2019-7865Magento 2 Community Edition CSRF Vulnerability
>= 2.1.0, < 2.1.18
HIGH8.7CVE-2025-49557Magento Cross-site Scripting vulnerability
from 0, < 2.4.4-p15
HIGH8.7CVE-2025-24438Magento stored Cross-Site Scripting (XSS) vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.7CVE-2025-24413Magento Stored Cross-Site Scripting (XSS) Vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.7CVE-2025-24416Magento Stored Cross-Site Scripting (XSS) Vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.7CVE-2025-24412Magento Stored Cross-Site Scripting (XSS) Vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.7CVE-2025-24410Magento Stored Cross-Site Scripting (XSS) Vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.7CVE-2025-24415Magento Stored Cross-Site Scripting (XSS) Vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.7CVE-2025-24417Magento Stored Cross-Site Scripting (XSS) Vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.7CVE-2025-24414Magento Stored Cross-Site Scripting (XSS) Vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.7CVE-2023-38219Magento Open Source allows Cross-Site Scripting (XSS)
>= 2.4.7-beta1, < 2.4.7-beta2
HIGH8.5CVE-2022-34254Magento Path Traversal vulnerability
>= 2.3.0, < 2.3.7-p4
HIGH8.4CVE-2024-39402Magento OS Command ('OS Command Injection') vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
HIGH8.4CVE-2024-39401Magento OS Command ('OS Command Injection') vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
HIGH8.2CVE-2025-43585Magento Improper Authorization leading to security feature bypass
>= 2.4.7-beta1, < 2.4.7-p6
HIGH8.2CVE-2025-24409Adobe Commerce Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.2CVE-2024-34104Magento Open Source Improper Authorization vulnerability
HIGH8.1CVE-2025-54264Magento vulnerable to stored Cross-Site Scripting (XSS)
>= 2.4.9-alpha1, < 2.4.9-alpha3
HIGH8.1CVE-2025-54263Magento provides incorrect authorization through a security feature bypass
>= 2.4.9-alpha1, < 2.4.9-alpha3
HIGH8.1CVE-2025-49555Magento Cross-Site Request Forgery (CSRF) vulnerability
>= 2.4.9-alpha1, < 2.4.9-alpha2
HIGH8.1CVE-2025-24411Magento Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
HIGH8.1CVE-2024-45116Magento Open Source Cross-Site Scripting (XSS) vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
HIGH8.1CVE-2024-39400Magento DOM-based Cross-Site Scripting (XSS) vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
HIGH8.1CVE-2024-34103Magento Open Source Improper Authentication vulnerability
HIGH8.1CVE-2024-20759Magento Open Source allows Cross-Site Scripting (XSS)
HIGH8.1CVE-2021-21030Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution
from 0, < 2.3.6
HIGH8.0CVE-2023-38249Magento Open Source allows SQL Injection
>= 2.4.7-beta1, < 2.4.7-beta2
HIGH8.0CVE-2023-38250Magento Open Source allows SQL Injection
>= 2.4.7-beta1, < 2.4.7-beta2
HIGH8.0CVE-2023-38221Magento Open Source allows SQL Injection
>= 2.4.7-beta1, < 2.4.7-beta2
HIGH8.0CVE-2021-36043Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension
from 0, < 2.3.7-p1
HIGH8.0CVE-2021-21015Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
from 0, < 2.3.6-p1
HIGH8.0CVE-2019-8109Magento 2 Community Edition RCE Vulnerability via CSRF
>= 2.2.0, < 2.2.10
HIGH7.7CVE-2024-39399Magento Path Traversal vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
HIGH7.6CVE-2024-45117Magento Open Source Improper Input Validation vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
HIGH7.6CVE-2024-39403Magento Stored Cross-Site Scripting (XSS) vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
HIGH7.5CVE-2025-49554Magento vulnerable to denial of service
>= 2.4.9-alpha1, < 2.4.9-alpha2
HIGH7.5CVE-2025-49556Magento has incorrect authorization issue that leads to arbitrary file system read
>= 2.4.9-alpha1, < 2.4.9-alpha2
HIGH7.5CVE-2025-24406Adobe Commerce Path Traversal
>= 2.4.7-beta1, < 2.4.7-p4
HIGH7.5CVE-2023-38220Magento Open Source allows Improper Authorization
>= 2.4.7-beta1, < 2.4.7-beta2
HIGH7.5CVE-2023-22248Magento Open Source affected by Improper Input Validation
HIGH7.5CVE-2023-22247Magento Open Source allows XML Injection
>= 2.4.5-p1, < 2.4.5-p2
HIGH7.5CVE-2022-34256Magento Improper Authorization vulnerability
>= 2.3.0, < 2.3.7-p4
HIGH7.5CVE-2021-36044Magento affected by a server-side denial-of-service using a GraphQL field
HIGH7.5CVE-2021-28583Magento Commerce insecure storage of sensitive documentation
>= 2.4.0, < 2.4.2-p1
HIGH7.5CVE-2020-9591Magento defense-in-depth security mitigation vulnerability
>= 2.3.0, < 2.3.4-p2
HIGH7.5CVE-2020-9587Magento authorization bypass vulnerability
from 0, <= 2.2.11
HIGH7.5CVE-2020-3719Magento sql injection vulnerability
>= 2.3.0, < 2.3.4
HIGH7.5CVE-2019-8112Magento 2 Community Edition Security Bypass
>= 2.2.0, < 2.2.10
HIGH7.5CVE-2019-7950Magento 2 Community Edition Access Control Bypass
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7951Magento 2 Community Edition Information Leak
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7928Magento 2 Community Edition DoS vulnerability
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7915Magento 2 Community Edition DoS vulnerability
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7886Magento 2 Community Edition Cryptographic Flaw
>= 2.1, < 2.1.18
HIGH7.5CVE-2019-7859Magento 2 Community Edition Path Traversal Vulnerability
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7858Magento 2 Community Edition Cryptographic Flaw
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7854Magento 2 Community Edition IDOR Vulnerability
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7860Magento 2 Community Edition Weak PRNG
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7861Magento 2 Community Edition Unsafe File Upload
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2019-7849Magento 2 Community Edition Session Fixation Check
>= 2.1.0, < 2.1.18
HIGH7.5CVE-2016-6485Unauthenticated crypto and weak IV in Magento\Framework\Encryption
>= 2.0, < 2.2.6
HIGH7.4CVE-2024-39398Magento does not properly restrict excessive authentication attempts
>= 2.4.7-beta1, < 2.4.7-p2
HIGH7.3CVE-2019-7890Magento 2 Community Edition IDOR Vulnerability
>= 2.1, < 2.1.18
HIGH7.2CVE-2022-24093Magento Open Source affected by Improper Input Validation
HIGH7.2CVE-2021-36022Magento XML Injection vulnerability in the Widgets Update Layout
from 0, < 2.3.7-p1
HIGH7.2CVE-2021-36029Magento improper authorization vulnerability
from 0, < 2.3.7-p1
HIGH7.2CVE-2021-36024Magento is affected by an os command injection via the Data collection endpoint
from 0, < 2.3.7-p1
HIGH7.2CVE-2021-36034Magento affected by remote code execution via a file upload
HIGH7.2CVE-2021-36041Magento vulnerable to file upload attack
from 0, < 2.3.7-p1
HIGH7.2CVE-2020-9588Magento Signature verification bypass
from 0, < 2.3.4-p2
HIGH7.2CVE-2019-8156Magento 2 Community Edition SSRF vulnerability
>= 2.2.0, < 2.2.10
HIGH7.2CVE-2019-8151Magento Server-Side Request Forgery (SSRF)
>= 2.2.0, < 2.2.10
HIGH7.2CVE-2019-8141Magento 2 Community Edition RCE Vulnerability
>= 2.1.0, < 2.1.19
HIGH7.2CVE-2019-8119Magento 2 Community Edition RCE Vulnerability
>= 2.1.0, < 2.1.19
HIGH7.2CVE-2019-8114Magento 2 Community Edition RCE Vulnerability
from 0, < 1.9.4.3
HIGH7.2CVE-2019-7930Magento 2 Community Unrestricted File Upload
>= 2.1, < 2.1.18
HIGH7.2CVE-2019-7942Magento 2 Community Edition RCE
>= 2.1.0, < 2.1.18
HIGH7.2CVE-2019-7932Magento 2 Community Edition RCE Vulnerability
>= 2.1, < 2.1.18
HIGH7.2CVE-2019-7912Magento Filter extension bypass via crafted store configuration keys
>= 2.1, < 2.1.18
HIGH7.2CVE-2019-7911Magento 2 Community Edition Server-Side Request Forgery vulnerability
>= 2.1.0, < 2.1.18
HIGH7.2CVE-2019-7923Magento 2 Community Edition SSRF vulnerability
>= 2.1.0, < 2.1.18
HIGH7.2CVE-2019-7913Magento 2 Community Edition SSRF vulnerability
>= 2.1.0, < 2.1.18
HIGH7.2CVE-2019-7903Magento 2 Community Edition RCE Vulnerability
>= 2.1.0, < 2.1.18
HIGH7.2CVE-2019-7896Magento 2 Community Edition RCE Vulnerability
>= 2.1, < 2.1.18
HIGH7.2CVE-2019-7895Magento 2 Community Edition RCE Vulnerability
>= 2.1, < 2.1.18
HIGH7.2CVE-2019-7892Magento 2 Community Edition RCE Vulnerability via SSRF
>= 2.1, < 2.1.18
HIGH7.1CVE-2020-24400SQL injection allows arbitrary read from database
from 0, < 2.3.6
MEDIUM6.9CVE-2021-28556Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution
>= 2.4.0, < 2.4.2-p1
MEDIUM6.8CVE-2024-39406Magento Open Source Path Traversal vulnerability
>= 2.4.7-p1, < 2.4.7-p2
MEDIUM6.8CVE-2023-26366Magento Open Source allows Server-Side Request Forgery (SSRF)
>= 2.4.7-beta1, < 2.4.7-beta2
MEDIUM6.6CVE-2019-8232Magento 2 Community Edition RCE Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM6.5CVE-2025-54267Magento vulnerable to privilege escalation due to incorrect authorization
>= 2.4.9-alpha1, < 2.4.9-alpha3
MEDIUM6.5CVE-2025-24427Magento Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM6.5CVE-2025-24424Magento Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM6.5CVE-2025-24408Magento Information Exposure vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM6.5CVE-2024-45132Magento Open Source Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM6.5CVE-2024-45118Magento Open Source Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM6.5CVE-2024-34111Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
MEDIUM6.5CVE-2023-38209Magento Open Source allows Incorrect Authorization
MEDIUM6.5CVE-2023-29289Magento Open Source allows XML Injection
MEDIUM6.5CVE-2021-39864Magento Open Source allows Cross-Site Request Forgery (CSRF)
>= 2.4.2-p1, <= 2.4.2-p2
MEDIUM6.5CVE-2021-36012Magento affected by a business logic error in the placeOrder graphql mutation
from 0, < 2.3.7-p1
MEDIUM6.5CVE-2021-36037Magento is affected by an improper authorization vulnerability
MEDIUM6.5CVE-2021-36038Magento discloses sensitive information via the Multishipping Module
from 0, < 2.3.7-p1
MEDIUM6.5CVE-2021-36039Magento discloses sensitive information
from 0, < 2.3.7-p1
MEDIUM6.5CVE-2021-28563Magento Commerce improper Authorization via the 'Create Customer' endpoint
>= 2.4.0, < 2.4.2-p1
MEDIUM6.5CVE-2020-24401Incorrect permissions following the deletion of a user role or deactivation of a user
from 0, < 2.4.1
MEDIUM6.5CVE-2020-9692Magento security mitigation bypass vulnerability
from 0, < 2.3.5-p2
MEDIUM6.5CVE-2020-9689Magento path traversal vulnerability
from 0, < 2.3.5-p2
MEDIUM6.5CVE-2019-8143Magento Injection vulnerability via email templates
>= 2.2, < 2.2.10
MEDIUM6.5CVE-2019-8108Magento Broken authentication and session managememt
>= 2.2, < 2.2.10
MEDIUM6.5CVE-2019-8107Magento 2 Community Edition Arbitrary File Deletion
>= 2.2.0, < 2.2.10
MEDIUM6.5CVE-2019-8090Magento 2 Community Edition Arbitrary File Deletion
>= 2.2.0, < 2.2.10
MEDIUM6.5CVE-2019-7947Magento 2 Community Edition CSRF vulnerability
>= 2.1.0, < 2.1.18
MEDIUM6.5CVE-2019-7904Magento 2 Community Edition Insufficient Access Controls
>= 2.1.0, < 2.1.18
MEDIUM6.5CVE-2019-7889Magento 2 Community Edition Injection Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM6.5CVE-2019-7888Magento 2 Community Edition Information Disclosure
>= 2.1, < 2.1.18
MEDIUM6.5CVE-2019-7872Magento Insufficient authorization check when adding users to company accounts
>= 2.1, < 2.1.18
MEDIUM6.5CVE-2019-7874Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM6.5CVE-2019-7851Magento 2 Community Edition CSRF vulnerability
>= 2.1.0, < 2.1.18
MEDIUM6.5CVE-2018-5301Magento Cross-Site Request Forgery (CSRF)
from 0, < 2.0.10
MEDIUM6.5CVE-2019-8133Bypass of sitemp access restrictions
>= 2.2, < 2.2.10
MEDIUM6.1CVE-2024-45123Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM6.1CVE-2022-34257Magento stored Cross-Site Scripting (XSS) vulnerability
>= 2.3.0, < 2.3.7-p4
MEDIUM6.1CVE-2020-24408Stored XSS in customer address upload feature
from 0, < 2.4.1
MEDIUM6.1CVE-2020-9577Magento stored cross-site scripting vulnerability
from 0, < 2.3.4-p2
MEDIUM6.1CVE-2020-9581Magento stored cross-site scripting vulnerability
from 0, <= 2.2.11
MEDIUM6.1CVE-2020-3758Magento stored cross-site scripting vulnerability
>= 2.3.0, < 2.3.4
MEDIUM6.1CVE-2020-3715Magento stored cross-site scripting vulnerability
>= 2.3.0, < 2.3.4
MEDIUM6.1CVE-2019-8153Magento Cross-site Scripting (XSS)
>= 2.2.0, < 2.2.10
MEDIUM6.1CVE-2019-7939Magento Reflected cross-site scripting on customer cart page
>= 2.1, < 2.1.18
MEDIUM6.1CVE-2019-7877Magento 2 Community Edition XSS Vulnerability
>= 2.1, < 2.1.18
MEDIUM6.1CVE-2019-8233Composer JavaScript injection possible via html comments
>= 2.2, < 2.2.10
MEDIUM5.9CVE-2025-54265Magento allows incorrect authorization
>= 2.4.9-alpha1, < 2.4.9-alpha3
MEDIUM5.9CVE-2025-49558Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
>= 2.4.9-alpha1, < 2.4.9-alpha2
MEDIUM5.6CVE-2021-21031Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
>= 2.4.0, < 2.4.1-p1
MEDIUM5.6CVE-2021-21032Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
>= 2.4.0, < 2.4.1-p1
MEDIUM5.5CVE-2022-34258Magento stored Cross-Site Scripting (XSS) vulnerability
>= 2.3.0, < 2.3.7-p4
MEDIUM5.4CVE-2025-24437Magento Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM5.4CVE-2025-24428Magento stored Cross-Site Scripting (XSS) vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM5.4CVE-2024-45131Magento Open Source Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM5.4CVE-2024-45128Magento Open Source Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM5.4CVE-2024-39418Magento Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM5.4CVE-2021-28584Magento Commerce path traversal vulnerability in child theme store creation
>= 2.4.0, < 2.4.2-p1
MEDIUM5.4CVE-2020-9584Magento Stored cross-site scripting
>= 2.3.0, < 2.3.4-p2
MEDIUM5.4CVE-2019-8157Magento Cross-Site Scripting via admin panel
>= 2.2, < 2.2.10
MEDIUM5.4CVE-2019-8146Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-8147Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-8142Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-8138Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-8139Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-8128Magento Cross-Site Scripting via store name
>= 2.2, < 2.2.10
MEDIUM5.4CVE-2019-8132Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-8129Magento Cross-Site Scripting via Signifyd Guarantee Option Translation Override
>= 2.2, < 2.2.10
MEDIUM5.4CVE-2019-8131Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-8120Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.19
MEDIUM5.4CVE-2019-8117Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-8092Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM5.4CVE-2019-7944Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM5.4CVE-2019-7945Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM5.4CVE-2019-7921Magento 2 Community Edition Cross-site Scripting Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM5.4CVE-2019-7882Magento 2 Community Edition XSS Vulnerability
>= 2.1, < 2.1.18
MEDIUM5.4CVE-2019-7881Magento 2 Community Edition XSS Vulnerability
>= 2.1, < 2.1.18
MEDIUM5.4CVE-2019-8145Magento Cross-Site Scripting via Attribute Set Name
>= 2.2, < 2.2.10
MEDIUM5.3CVE-2025-49559Magento vulnerable to path traversal
>= 2.4.9-alpha1, < 2.4.9-alpha2
MEDIUM5.3CVE-2025-27206Magento Improper Access Control leads to security feature bypass
>= 2.4.7-beta1, < 2.4.7-p6
MEDIUM5.3CVE-2025-27191Magento Improper Access Control leads to Security feature bypass
>= 2.4.7-beta1, < 2.4.7-p5
MEDIUM5.3CVE-2025-27190Magento Improper Access Control leads to Security feature bypass
>= 2.4.7-beta1, < 2.4.7-p5
MEDIUM5.3CVE-2025-24425Magento Business Logic Error vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM5.3CVE-2024-45124Magento Open Source Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM5.3CVE-2024-34106Magento Open Source Incorrect Authorization vulnerability
MEDIUM5.3CVE-2024-34107Magento Open Source Improper Access Control vulnerability
MEDIUM5.3CVE-2023-38251Magento Open Source allows Uncontrolled Resource Consumption
>= 2.4.7-beta1, < 2.4.7-beta2
MEDIUM5.3CVE-2023-38207Magento Open Source allows XML Injection
MEDIUM5.3CVE-2023-29287Magento Open Source allows Information Exposure
MEDIUM5.3CVE-2023-29290Magento Open Source allows Incorrect Authorization
MEDIUM5.3CVE-2023-22250Magento Open Source allows Improper Access Control
>= 2.4.4-p1, < 2.4.4-p3
MEDIUM5.3CVE-2022-35689Magento Open Source allows Improper Access Control
>= 2.4.4-p1, < 2.4.4-p2
MEDIUM5.3CVE-2022-35692Magento Open Source has Improper Access Control vulnerability
>= 2.4.3-p1, < 2.4.3-p3
MEDIUM5.3CVE-2022-34259Magento Improper Access Control vulnerability
>= 2.3.0, < 2.3.7-p4
MEDIUM5.3CVE-2021-28585Magento Commerce improper input validation in customer customer webapi
>= 2.4.0, < 2.4.2-p1
MEDIUM5.3CVE-2021-21026Magento Commerce Incorrect permissions Could Lead To Unauthorized Access
from 0, < 2.3.6-p1
MEDIUM5.3CVE-2021-21022Magento Commerce Incorrect permissions Could Lead To Unauthorized Access
from 0, < 2.3.6-p1
MEDIUM5.3CVE-2021-21020Magento Commerce Improper Access Control Vulnerability
from 0, < 2.3.6
MEDIUM5.3CVE-2020-3717Magento Path Traversal
>= 2.2.0, < 2.2.11
MEDIUM5.3CVE-2019-8118Magento 2 Community Edition Weak Cryptography
>= 2.1.0, < 2.1.19
MEDIUM5.3CVE-2019-8123Magento 2 Community Edition Insufficient Logging
>= 2.1.0, < 2.1.19
MEDIUM5.3CVE-2019-8113Magento 2 Community Weak PRNG
>= 2.2.0, < 2.2.10
MEDIUM5.3CVE-2019-7898Magento 2 Community Edition Information Disclosure
>= 2.1, < 2.1.18
MEDIUM5.3CVE-2019-7899Magento 2 Community Edition Information Disclosure
>= 2.1.0, < 2.1.18
MEDIUM5.3CVE-2019-7864Magento 2 Community Edition IDOR Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM5.3CVE-2019-7855Magento 2 Community Cryptographic Flaw
>= 2.1.0, < 2.1.18
MEDIUM5.3CVE-2019-7852Magento 2 Community Edition Path Disclosure
>= 2.1.0, < 2.1.18
MEDIUM5.0CVE-2021-28567Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission
>= 2.4.0, < 2.4.2-p1
MEDIUM4.9CVE-2024-45119Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM4.9CVE-2024-20716Magento Open Source allows Uncontrolled Resource Consumption
MEDIUM4.9CVE-2023-26367Magento Open Source has Improper Input Validation Vulnerability
>= 2.4.7-beta1, < 2.4.7-beta2
MEDIUM4.9CVE-2023-29292Magento Open Source allows Server-Side Request Forgery (SSRF)
MEDIUM4.9CVE-2023-29291Magento Open Source allows Server-Side Request Forgery (SSRF)
MEDIUM4.9CVE-2020-24402Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API
from 0, < 2.3.6
MEDIUM4.9CVE-2019-8140Magento Unrestricted file upload vulnerability
>= 2.2.0, < 2.2.10
MEDIUM4.9CVE-2019-8124Magento 2 Community Edition Insufficient Logging
>= 2.1.0, < 2.1.19
MEDIUM4.9CVE-2019-7925Magento Insecure Direct Object Reference (IDOR) vulnerability
>= 2.1, < 2.1.18
MEDIUM4.9CVE-2019-7929Magento 2 Community Edition Information Disclosure
>= 2.1.0, < 2.1.18
MEDIUM4.9CVE-2019-8126Information disclosure through processing of external XML entities
>= 2.2, < 2.2.10
MEDIUM4.8CVE-2025-54266Magento vulnerable to stored Cross-Site Scripting (XSS)
>= 2.4.9-alpha1, < 2.4.9-alpha3
MEDIUM4.8CVE-2024-45127Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM4.8CVE-2024-34105Magento Open Source Cross-Site Scripting (XSS) vulnerability
MEDIUM4.8CVE-2023-22249Magento Open Source allows Cross-Site Scripting (XSS)
MEDIUM4.8CVE-2021-21023Magento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution
from 0, < 2.3.6
MEDIUM4.8CVE-2021-21029Magento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution
from 0, < 2.3.6-p1
MEDIUM4.8CVE-2019-8148Magento 2 Community Edition XSS Vulnerability
>= 2.3.0, < 2.3.2-p2
MEDIUM4.8CVE-2019-8152Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM4.8CVE-2019-8115Magento 2 Community Edition XSS Vulnerability
>= 2.2.0, < 2.2.10
MEDIUM4.8CVE-2019-7938Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7934Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7937Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7936Magento 2 Community Edition XSS Vulnerability
>= 2.3.0, < 2.3.2
MEDIUM4.8CVE-2019-7935Magento 2 Community Edition XSS Vulnerability
>= 2.1, < 2.1.18
MEDIUM4.8CVE-2019-7926Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7927Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7897Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7908Magento Cross-site Scripting in the admin panel
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7909Magento 2 Community Edition Cross-site Scripting Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7887Magento 2 Community Edition Cross-site Scripting Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7880Magento 2 Community Edition XSS Vulnerability
>= 2.1, < 2.1.18
MEDIUM4.8CVE-2019-7863Magento Stored cross-site scripting in admin panel
>= 2.1, < 2.1.18
MEDIUM4.8CVE-2019-7868Magento Cross-site Scripting in the admin panel
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7875Magento 2 Community Edition Cross-site Scripting Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7869Magento Stored Cross-site Scripting vulnerability in the admin panel
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7862Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7866Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7867Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.8CVE-2019-7853Magento 2 Community Edition XSS Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.3CVE-2025-49550Magento Security feature bypass
>= 2.4.7-beta1, < 2.4.7-p6
MEDIUM4.3CVE-2025-27188Magento Improper Authorization vulnerability
from 0, < 2.4.4-p13
MEDIUM4.3CVE-2025-24436Magento Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM4.3CVE-2025-24435Magento Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM4.3CVE-2025-24421Magento Incorrect Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
MEDIUM4.3CVE-2024-45121Magento Open Source Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM4.3CVE-2024-45129Magento Open Source Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM4.3CVE-2024-45125Magento Open Source Incorrect Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM4.3CVE-2024-45122Magento Open Source Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM4.3CVE-2024-45120Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM4.3CVE-2024-45130Magento Open Source Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
MEDIUM4.3CVE-2024-39410Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
>= 2.4.7-p1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39407Magento Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39408Magento Open Source Cross-Site Request Forgery vulnerability
>= 2.4.7-p1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39409Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
>= 2.4.7-p1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39415Magento Improper Authorization Leading to Security feature bypass
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39416Magento Improper Authorization leads to Security feature bypass
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39411Magento Improper Authorization leads to security feature bypass
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39417Magento Improper Authorization leads to Security feature bypass
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39419Magento Improper Access Control Leads to Privilege escalation
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39412Magento Open Source Improper Authorization vulnerability
>= 2.4.7-p1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39414Magento Improper Access Control Leads to Privilege escalation
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39413Magento Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39405Magento Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-39404Magento Improper Authorization vulnerability
>= 2.4.7-beta1, < 2.4.7-p2
MEDIUM4.3CVE-2024-20718Magento Open Source allows Cross-Site Request Forgery (CSRF)
MEDIUM4.3CVE-2023-29288Magento Open Source allows Incorrect Authorization
MEDIUM4.3CVE-2023-29296Magento Open Source allows Incorrect Authorization
MEDIUM4.3CVE-2023-29294Magento Open Source has Business Logic Errors Vulnerability
MEDIUM4.3CVE-2023-29295Magento Open Source allows Incorrect Authorization
MEDIUM4.3CVE-2023-22251Magento Open Source allows Incorrect Authorization
>= 2.4.4-p1, < 2.4.4-p3
MEDIUM4.3CVE-2021-21027Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification
from 0, < 2.3.6-p1
MEDIUM4.3CVE-2020-24405Incorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data
from 0, < 2.3.6
MEDIUM4.3CVE-2019-7873Magento 2 Community Edition Cross-site Scripting Vulnerability
>= 2.1.0, < 2.1.18
MEDIUM4.3CVE-2019-7857Magento Cross-Site Request Forgery (CSRF)
>= 2.2.0, < 2.2.9
MEDIUM4.2CVE-2020-9690Magento observable timing discrepancy vulnerability
from 0, < 2.3.5-p2
LOW3.7CVE-2025-24430Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
LOW3.7CVE-2025-24432Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
LOW3.7CVE-2021-28566Magento Commerce information disclosure during upload action leveraging a specially crafted file
>= 2.4.0, < 2.4.2-p1
LOW3.7CVE-2020-24406Document root path disclosure on Maintenance page
from 0, < 2.3.6
LOW3.5CVE-2025-24429Magento Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p4
LOW2.7CVE-2025-49549Magento Authenticated Security feature bypass
>= 2.4.7-beta1, < 2.4.7-p6
LOW2.7CVE-2025-27192Magento does not properly protect credentials
>= 2.4.7-beta1, < 2.4.7-p5
LOW2.7CVE-2024-45133Magento Open Source Information Exposure vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
LOW2.7CVE-2024-45135Magento Open Source Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
LOW2.7CVE-2024-45149Magento Open Source Improper Access Control vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
LOW2.7CVE-2024-45134Magento Open Source Information Exposure vulnerability
>= 2.4.7-beta1, < 2.4.7-p3
LOW2.7CVE-2023-29293Magento Open Source affected by Improper Input Validation
LOW2.7CVE-2020-24404Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API
from 0, < 2.3.6
LOW2.7CVE-2020-24403Incorrect permissions could lead to unauthorized modification of inventory source data via REST API
from 0, < 2.3.6
—CVE-2021-36027Magento stored cross-site scripting vulnerability
from 0, < 2.3.7-p1
—CVE-2021-36026Magento stored cross-site scripting vulnerability in the customer address upload feature
from 0, < 2.3.7-p1
—CVE-2021-36020Magento XML Injection vulnerability in the 'City' field
from 0, < 2.3.7-p1
—CVE-2021-36033Magento XML Injection vulnerability in the Widgets Module
from 0, < 2.3.7-p1
—CVE-2021-36030Magento allows attackers to alter the price of items
from 0, < 2.3.7-p1
—CVE-2021-36031Magento Path Traversal vulnerability via the `theme[preview_image]` parameter
from 0, < 2.3.7-p1
—CVE-2021-36028Magento has an XML Injection vulnerability
from 0, < 2.3.7-p1
—CVE-2019-8121Using JS libraries with known security vulnerabilities
>= 2.2, < 2.2.10