pkg:npm/@evershop/evershop

12 CVEs in total: CRITICAL 1, HIGH 4, MEDIUM 5, LOW 1

All known vulnerabilities

  • CRITICAL 9.8 CVE-2023-46498: Code execution in evershop
    from 0, < 1.0.0-rc.8
  • HIGH 8.3 CVE-2023-46496: Directory Traversal in evershop
    from 0, < 1.0.0-rc.8
  • HIGH 7.5 CVE-2025-67419: evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
    from 0, <= 2.1.0
  • HIGH 7.5 CVE-2023-46942: EverShop vulnerable to improper authorization in GraphQL endpoints
    from 0, < 1.0.0-rc.9
  • HIGH 7.4 CVE-2023-46943: EverShop at risk to unauthorized access via weak HMAC secret
    from 0, < 1.0.0-rc.9
  • MEDIUM 6.1 CVE-2023-46495: Cross-site Scripting in evershop
    from 0, < 1.0.0-rc.8
  • MEDIUM 6.1 CVE-2023-46499: Cross-site Scripting in evershop
    from 0, < 1.0.0-rc.5
  • MEDIUM 6.1 CVE-2023-46494: Cross Site Scripting in evershop
    from 0, < 1.0.0-rc.5
  • MEDIUM 5.4 CVE-2023-46497: Directory Traversal in evershop
    from 0, < 1.0.0-rc.8
  • MEDIUM 5.3 CVE-2023-46493: Directory Traversal in evershop
    from 0, < 1.0.0-rc.8
  • LOW 3.7 CVE-2025-12919: EverShop is vulnerable to Unauthorized Order Information Access (IDOR)
    from 0, <= 2.1.0
  • CVE-2025-67427: evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
    from 0, <= 2.1.0