magento/community-edition Security Advisories for 2.2.0 (272)
-
[HIGH] Magento provides incorrect authorization through a security feature bypass
PKSA-sx8r-h4sj-cx12 CVE-2025-54263 GHSA-69x9-xp2j-w8g8
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[HIGH] Magento vulnerable to stored Cross-Site Scripting (XSS)
PKSA-kfkq-dx9k-8hdv CVE-2025-54264 GHSA-2768-5wmv-cfff
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento allows incorrect authorization
PKSA-xbxj-3c74-rztg CVE-2025-54265 GHSA-r355-75hw-r8jf
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to stored Cross-Site Scripting (XSS)
PKSA-k1pj-8rhw-k527 CVE-2025-54266 GHSA-pcrx-r49h-x2w5
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to privilege escalation due to incorrect authorization
PKSA-cdwr-82gv-fq4r CVE-2025-54267 GHSA-qvwr-p3hj-j6jf
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[CRITICAL] Magento Community Edition Improper Input Validation vulnerability
PKSA-zy5h-f76g-zq5h CVE-2025-54236 GHSA-wh92-6q6g-px7j
Affected version: =2.4.9|>=2.4.8-beta1,<=2.4.8-p2|>=2.4.7-beta1,<=2.4.7-p7|=2.4.8|=2.4.7|>=2.4.9-alpha1,<=2.4.9-alpha2|=2.4.5|>=2.4.6-p1,<=2.4.6-p12|=2.4.6|<=2.4.5-p14
Reported by:
GitHub -
[HIGH] Magento vulnerable to denial of service
PKSA-pn21-84x4-fh3j CVE-2025-49554 GHSA-xgfm-992v-h2hr
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[HIGH] Magento Cross-Site Request Forgery (CSRF) vulnerability
PKSA-23gm-rmhm-83mc CVE-2025-49555 GHSA-5777-jj7p-mpqw
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[HIGH] Magento has incorrect authorization issue that leads to arbitrary file system read
PKSA-br3d-5r49-ycpt CVE-2025-49556 GHSA-7hrj-3c9x-xv5h
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[HIGH] Magento Cross-site Scripting vulnerability
PKSA-j53w-rgct-w5r6 CVE-2025-49557 GHSA-8mq8-c243-2335
Affected version: =2.4.8|>=2.4.7-p1,<2.4.7-p7|>=2.4.6-p1,<2.4.6-p12|>=2.4.5-p1,<2.4.5-p14|<2.4.4-p15
Reported by:
GitHub -
[MEDIUM] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-jghm-1dxh-r2mf CVE-2025-49558 GHSA-wcmw-8xpp-rwfj
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to path traversal
PKSA-j661-47kj-8y19 CVE-2025-49559 GHSA-h4f4-gv6h-x824
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p14|>=2.4.6-p1,<2.4.6-p12|>=2.4.7-beta1,<2.4.7-p7|>=2.4.8-beta1,<2.4.8-p2|>=2.4.9-alpha1,<2.4.9-alpha2
Reported by:
GitHub -
[LOW] Magento Authenticated Security feature bypass
PKSA-z33d-78qh-jd88 CVE-2025-49549 GHSA-85jx-x9r4-45m2
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6
Reported by:
GitHub -
[MEDIUM] Magento Security feature bypass
PKSA-w1hm-vgyt-d5ty CVE-2025-49550 GHSA-8hcx-xvww-6c6h
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6
Reported by:
GitHub -
[HIGH] Magento Improper Authorization leading to security feature bypass
PKSA-25jg-bht9-cn5m CVE-2025-43585 GHSA-r487-9vv5-75gg
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6
Reported by:
GitHub -
[CRITICAL] Magneto contains stored XSS vulnerability
PKSA-rb7h-1s2b-4dwg CVE-2025-47110 GHSA-j934-vjh5-vf9r
Affected version: =2.4.6|>=2.4.6-p1,<2.4.6-p11|=2.4.5|=2.4.8|=2.4.7|<2.4.5-p13|>=2.4.7-beta1,<2.4.7-p6|>=2.4.8-beta1,<2.4.8-p1
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to security feature bypass
PKSA-twxs-5jt6-zf4j CVE-2025-27206 GHSA-g2pj-xmxq-3r9q
Affected version: =2.4.8|=2.4.7|=2.4.6|=2.4.5|<2.4.5-p13|>=2.4.6-p1,<2.4.6-p11|>=2.4.7-beta1,<2.4.7-p6
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability
PKSA-w3p3-6vqg-qcmr CVE-2025-27188 GHSA-rr2g-rrjj-xw86
Affected version: >=2.4.8-beta1,<2.4.8|=2.4.7|>=2.4.7-p1,<2.4.7-p5|>=2.4.6-p1,<2.4.6-p10|>=2.4.5-p1,<2.4.5-p12|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p13
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to Security feature bypass
PKSA-8xbp-3ytm-qmsr CVE-2025-27190 GHSA-6wq7-cg9h-mj6q
Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to Security feature bypass
PKSA-x76v-gf6x-15jx CVE-2025-27191 GHSA-vhcq-4xrm-2cr2
Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5
Reported by:
GitHub -
[LOW] Magento does not properly protect credentials
PKSA-r73x-rxyx-dytq CVE-2025-27192 GHSA-2r94-wm5v-4prx
Affected version: =2.4.7|=2.4.6|=2.4.4|=2.4.5|>=2.4.8-beta1,<2.4.8-beta2|<2.4.4-p13|>=2.4.5-p1,<2.4.5-p12|>=2.4.6-p1,<2.4.6-p10|>=2.4.7-beta1,<2.4.7-p5
Reported by:
GitHub -
[CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce
PKSA-dkfb-rbxq-yjwm CVE-2025-24434 GHSA-fppq-f2m6-xv5c
Affected version: <2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4|>=2.4.8-beta1,<2.4.8-beta2
Reported by:
GitHub -
[MEDIUM] Magento Business Logic Error vulnerability
PKSA-7r2g-km67-fzjj CVE-2025-24425 GHSA-6ff8-jrfg-43hh
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-4fbw-nxjw-pfvz CVE-2025-24427 GHSA-v3hq-g424-5mgg
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-zmv5-8rn8-bcky CVE-2025-24428 GHSA-mm87-rrqx-94cr
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Improper Access Control vulnerability
PKSA-74vv-j3wm-1rmr CVE-2025-24429 GHSA-656q-fx2w-8ccv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-3fgq-966m-4b4d CVE-2025-24430 GHSA-6w27-c66f-gvhq
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-scxw-rbh8-zprd CVE-2025-24432 GHSA-7jmr-43qj-pw47
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-5cry-7724-1qnd CVE-2025-24435 GHSA-82p4-55gj-956p
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|>=2.4.5-p1,<2.4.5-p11|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-m4dw-3q4p-45bh CVE-2025-24436 GHSA-ghpr-6qhr-rpp8
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-m5fw-drjh-dkpx CVE-2025-24437 GHSA-469f-wf4f-3jjv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-1zf5-sgkc-jzyt CVE-2025-24438 GHSA-8884-7rm9-mrx4
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Adobe Commerce Path Traversal
PKSA-1xz1-g451-tt2n CVE-2025-24406 GHSA-954p-ff72-327w
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Information Exposure vulnerability
PKSA-xvsr-wng1-pxg6 CVE-2025-24408 GHSA-3cfg-w257-cgf8
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Adobe Commerce Improper Authorization vulnerability
PKSA-tbwj-d61p-nbfx CVE-2025-24409 GHSA-vw47-79jv-3598
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-fnqn-wmgf-dz5q CVE-2025-24410 GHSA-gjxp-46rq-wg4q
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Improper Access Control vulnerability
PKSA-6bw6-vk81-1ktc CVE-2025-24411 GHSA-36hw-x3cc-m258
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-q458-hszg-5wns CVE-2025-24412 GHSA-m4rg-mpp2-97px
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-cnnr-cdx4-pzsf CVE-2025-24413 GHSA-xwgx-8v72-4j5j
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-q54t-8dp2-cc8r CVE-2025-24414 GHSA-fhw6-3mj5-w9gv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-rbtq-c7hb-whdk CVE-2025-24415 GHSA-gc27-rvvm-q77r
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-kcjr-8cb1-qp39 CVE-2025-24416 GHSA-rjjw-g6hw-7pc9
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-vygn-g55g-pygn CVE-2025-24417 GHSA-g3j6-9753-8mp2
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Incorrect Authorization vulnerability
PKSA-bfth-jyjv-9bmg CVE-2025-24421 GHSA-v6r2-425c-hfrr
Affected version: =2.4.8-beta1|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-mhqr-9knx-97tc CVE-2025-24424 GHSA-539v-w87w-w62c
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-yx36-4pvc-fy33 CVE-2024-45131 GHSA-xc5p-773w-m3pm
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authorization vulnerability
PKSA-g59s-h86c-d272 CVE-2024-45132 GHSA-5f64-ppmg-cvvm
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Information Exposure vulnerability
PKSA-k213-y2gv-f361 CVE-2024-45133 GHSA-j3mh-wx5f-2vhg
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Information Exposure vulnerability
PKSA-fg7g-5j9c-3snf CVE-2024-45134 GHSA-4f89-5cwm-rm5g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-t8cd-w48x-nzyk CVE-2024-45135 GHSA-8pxg-gcp4-57ww
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[LOW] Magento Open Source Improper Access Control vulnerability
PKSA-zp2y-jcbv-86tw CVE-2024-45149 GHSA-w7rg-7wq2-pjrw
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability
PKSA-w47m-6mjs-p6p5 CVE-2024-45116 GHSA-873m-72g6-853g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Input Validation vulnerability
PKSA-11qw-117j-ntf6 CVE-2024-45117 GHSA-3fr3-gcqh-3m2g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Access Control vulnerability
PKSA-nmsp-4zh6-c2yy CVE-2024-45118 GHSA-cg52-68fv-94qq
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
PKSA-7ymh-b7jr-kcyn CVE-2024-45119 GHSA-g9fm-wc6h-pvgj
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-5bd5-9qvn-r6z1 CVE-2024-45120 GHSA-47jp-46c9-25vf
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-5d5h-vdxk-9rb4 CVE-2024-45121 GHSA-2qhq-fw98-h6wg
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-trg9-zwtk-rt2y CVE-2024-45122 GHSA-46fm-x82m-5f74
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
PKSA-q3cy-4db7-mxq5 CVE-2024-45123 GHSA-88x2-cq34-5fwc
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-g52f-ss82-znpd CVE-2024-45124 GHSA-w3p2-pc3h-69wv
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability
PKSA-vc9p-z4vk-zhsm CVE-2024-45125 GHSA-xg36-8c2v-jpxh
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
PKSA-rc6f-2sj1-779v CVE-2024-45127 GHSA-c89g-gq5r-2xw2
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-jqmh-mscm-q45w CVE-2024-45128 GHSA-qpp7-742q-58j3
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-8ttm-6rvp-fshh CVE-2024-45129 GHSA-m58h-998x-66f3
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-35sf-fj41-ym76 CVE-2024-45130 GHSA-v3v6-jfvw-m576
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Path Traversal vulnerability
PKSA-dw79-2frq-sm6h CVE-2024-39406 GHSA-6pxh-2557-5cj5
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery vulnerability
PKSA-dzsz-sjtm-vq7t CVE-2024-39408 GHSA-4cj6-f32v-6hgx
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
PKSA-8qcx-d884-ntny CVE-2024-39409 GHSA-rf4q-m23c-7q8r
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
PKSA-x9tz-w7x6-ncgm CVE-2024-39410 GHSA-4323-f82v-f6jr
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to security feature bypass
PKSA-4jrq-qp4c-nqw3 CVE-2024-39411 GHSA-qm77-mqf3-fmhq
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-sh88-myrv-9t1n CVE-2024-39412 GHSA-7472-vw39-g2j3
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control Leads to Privilege escalation
PKSA-3dsp-c62d-w319 CVE-2024-39414 GHSA-x6f9-hv9r-fgq4
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization Leading to Security feature bypass
PKSA-dv99-1512-ggts CVE-2024-39415 GHSA-gj93-84g5-mcjq
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to Security feature bypass
PKSA-ym4p-zvby-x7kh CVE-2024-39416 GHSA-4xgg-rw35-7mv5
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to Security feature bypass
PKSA-2wt1-rrt9-7zvv CVE-2024-39417 GHSA-4xmj-f664-hv98
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control Leads to Privilege escalation
PKSA-8fss-fb1w-96f7 CVE-2024-39419 GHSA-74w7-cr4v-wf2v
Affected version: =2.4.7|=2.4.6|=2.4.5|=2.4.4|<2.4.4-p10|>=2.4.5-p1,<2.4.5-p9|>=2.4.6-p1,<2.4.6-p7|>=2.4.7-beta1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
PKSA-zmwm-kwzt-pms6 CVE-2024-34111 GHSA-jmqp-r3gg-6jh3
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[CRITICAL] Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
PKSA-71k8-bhfg-zj3d CVE-2024-34102 GHSA-m8cj-3v68-3cxj
Affected version: =2.4.7|=2.4.6|=2.4.5|<2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4
Reported by:
GitHub -
[CRITICAL] Magento Open Source Improper Authentication vulnerability
PKSA-29px-skjv-7bmn CVE-2024-34103 GHSA-f7q4-9gwv-6774
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authorization vulnerability
PKSA-pbd2-8ctn-8ptb CVE-2024-34104 GHSA-wwj3-573j-rvvm
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability
PKSA-gc3j-nr7v-3th6 CVE-2024-34105 GHSA-5632-wq7m-gfq9
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability
PKSA-jfkj-qxdn-854f CVE-2024-34106 GHSA-p6h9-gx5g-wg64
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-mw1m-j257-zksc CVE-2024-34107 GHSA-r7cm-g469-wm4g
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[CRITICAL] Magento RCE,XSS and other vulnerabilities
PKSA-kpk5-y513-572m GHSA-8j7c-682x-r9f2
Affected version: >=2.2,<2.2.7|>=2.1,<2.1.16
Reported by:
GitHub -
[MEDIUM] Magento Cross-Site Scripting (XSS) vulnerability
PKSA-5t5x-vhfm-3pgq GHSA-mcfc-67vm-j568
Affected version: >=2.2,<2.2.6|>=2.1,<2.1.15
Reported by:
GitHub -
[CRITICAL] Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
PKSA-jf51-n33b-cds7 GHSA-5gmh-85x8-5cx7
Affected version: >=2.2,<2.2.5|>=2.1,<2.1.14
Reported by:
GitHub -
[HIGH] Magento Improper input validation vulnerability
PKSA-228k-hrjg-43zp CVE-2022-42344 GHSA-297f-r9w7-w492
Affected version: =2.4.4|>=2.4.0,<2.4.3-p3|<2.3.7-p4
Reported by:
GitHub -
[CRITICAL] Magento XML Injection vulnerability in the Widgets Module
PKSA-ky72-2cr3-p8cw CVE-2022-34253 GHSA-cj7w-pm77-hvg6
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|<2.3.7-p4
Reported by:
GitHub -
[CRITICAL] Magento Broken authentication and session managememt
PKSA-fmtx-jsbx-7thy CVE-2019-8149 GHSA-8mwx-wpp4-5xh4
Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10
Reported by:
GitHub -
[HIGH] Magento remote code execution vulnerability
PKSA-n6w4-nyrd-3d71 CVE-2019-8154 GHSA-4v2q-hjx3-c4vr
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[CRITICAL] Magento 2 Community Edition SQLi Vulnerability
PKSA-dng6-6bwk-kv71 CVE-2019-7139 GHSA-4j6w-9rf8-hg7r
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Cross-Site Request Forgery (CSRF)
PKSA-sqnp-kpv9-3k99 CVE-2021-39864 GHSA-94wq-87g6-8h77
Affected version: =2.4.2|<=2.3.7-p1|=2.4.3|>=2.4.2-p1,<=2.4.2-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability in the customers module
PKSA-98vv-8nyb-ffc5 CVE-2021-28567 GHSA-cc3w-r3w8-hfh7
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[MEDIUM] Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies
PKSA-8582-qjd4-1g8s CVE-2021-28556 GHSA-39ch-rg26-gmq5
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[MEDIUM] Magento Unauthorized access to restricted resources
PKSA-y9kv-15rd-x7qv CVE-2021-28563 GHSA-q9xx-4689-gvv5
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[HIGH] Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
PKSA-n22f-w4n6-g3fx CVE-2021-28583 GHSA-7gh6-f4jh-3crq
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[MEDIUM] Magento Path Traversal vulnerability
PKSA-kfxc-51yz-zbnf CVE-2021-28584 GHSA-7gpv-xrjr-f5h4
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[MEDIUM] Magento Improper input validation vulnerability
PKSA-2gm6-m4rp-6fvz CVE-2021-28585 GHSA-c38m-9668-6j2w
Affected version: >=2.4.0,<2.4.2-p1|<2.3.7
Reported by:
GitHub -
[MEDIUM] Magento Insufficient Session Expiration
PKSA-48bg-fxg1-vkpy CVE-2021-21031 GHSA-4h3p-63x6-vwg2
Affected version: <2.3.6|>=2.4.0,<2.4.1-p1
Reported by:
GitHub -
[CRITICAL] Magento XML injection in the Widgets module
PKSA-6mpp-zh74-59gd CVE-2021-21019 GHSA-mw95-gmw4-883p
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento Insecure Direct Object Reference (IDOR) in the product module
PKSA-tw4y-fk6r-w8j9 CVE-2021-21022 GHSA-8pfq-g48p-x7w8
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability in the admin console
PKSA-cv47-f2nq-tgnw CVE-2021-21023 GHSA-h5rm-m772-6qcx
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6
Reported by:
GitHub -
[CRITICAL] Magento Blind SQL Injection in the Search module
PKSA-392g-81d8-vhhm CVE-2021-21024 GHSA-rj4f-cp4v-hvcv
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento improper authorization vulnerability in the integrations module
PKSA-m4ck-h7wd-91mj CVE-2021-21026 GHSA-crjc-2v9m-8w7r
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
PKSA-njqv-gp7y-zc74 CVE-2021-21027 GHSA-h4xc-577p-hgj9
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento Reflected Cross-site Scripting vulnerability via 'file' parameter
PKSA-m8rz-jc2c-7m91 CVE-2021-21029 GHSA-jwxh-wj79-ccm6
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[HIGH] Magento stored cross-site scripting (XSS) in the customer address upload feature
PKSA-7rd2-y8tt-4pxt CVE-2021-21030 GHSA-6988-g89m-27vf
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6
Reported by:
GitHub -
[MEDIUM] Magento Insufficient Session Expiration
PKSA-whxx-hqxp-qv8z CVE-2021-21032 GHSA-4jfq-f8hc-775q
Affected version: <2.3.6|>=2.4.0,<2.4.1-p1
Reported by:
GitHub -
[CRITICAL] Magento vulnerable to a file upload restriction bypass
PKSA-yt4p-w22g-fdxr CVE-2021-21014 GHSA-269w-pqc7-68q9
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[CRITICAL] Magento OS Command Injection
PKSA-msgn-qz5c-7csr CVE-2021-21018 GHSA-rv48-v862-mp92
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control
PKSA-rx41-6862-pt82 CVE-2021-21020 GHSA-2j6v-829g-885q
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6
Reported by:
GitHub -
[CRITICAL] Magento XPath Injection
PKSA-q4sd-rbfw-bn9m CVE-2021-21025 GHSA-h437-qjj9-vmq4
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1
Reported by:
GitHub -
[HIGH] Magento OS command injection via the customer attribute save controller
PKSA-q4dq-szdv-ng3x CVE-2021-21015 GHSA-w2p4-2c8c-2g7h
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[CRITICAL] Magento OS command injection via the WebAPI
PKSA-g12r-tk3d-rbjb CVE-2021-21016 GHSA-792f-c8mp-2cr5
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento incorrect permissions vulnerability in the Inventory module
PKSA-1278-33g9-g9k5 CVE-2020-24405 GHSA-p7m7-j8jv-393q
Affected version: >=2.4.0,<2.4.1|<=2.3.5-p2
Reported by:
GitHub -
[LOW] Magento information disclosure vulnerability
PKSA-8tng-rkwh-ddv6 CVE-2020-24406 GHSA-mr8q-7f5j-wc79
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[CRITICAL] Magento 2 Community Edition RCE via Unsafe File Upload
PKSA-wd67-z9cy-8cfd CVE-2020-24407 GHSA-7pxg-6p87-8c9v
Affected version: <=2.4.0
Reported by:
GitHub -
[HIGH] Magento SQL Injection vulnerability
PKSA-6ppv-y2gp-4ffp CVE-2020-24400 GHSA-pf6w-3pfw-fxvw
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Incorrect Authorization
PKSA-ds46-4wsj-k4fh CVE-2020-24401 GHSA-f2g3-3c6q-4478
Affected version: <=2.4.0
Reported by:
GitHub -
[MEDIUM] Magento incorrect permissions vulnerability in the Integrations component
PKSA-36s1-jszf-m523 CVE-2020-24402 GHSA-hvf5-4jr9-fghh
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[LOW] Magento incorrect user permissions vulnerability within the Inventory component
PKSA-g8kq-c8yg-8h4p CVE-2020-24403 GHSA-39rw-4m66-82gf
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[LOW] Magento 2 Community Edition vulnerable to Improper Authorization
PKSA-jj68-r2qs-83z3 CVE-2020-24404 GHSA-rwf7-652f-76mv
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-rs6t-7sf8-mdt8 CVE-2020-24408 GHSA-jxjc-6xmh-h7mg
Affected version: <=2.4.0
Reported by:
GitHub -
[MEDIUM] Magento observable timing discrepancy vulnerability
PKSA-sgbm-w22w-8y5q CVE-2020-9690 GHSA-xgp9-j48h-jjf9
Affected version: <2.3.5-p2
Reported by:
GitHub -
[CRITICAL] Magento DOM-based Cross-site scripting vulnerability
PKSA-1h3y-11mm-5s7z CVE-2020-9691 GHSA-g7pc-799q-743f
Affected version: <2.3.5-p2
Reported by:
GitHub -
[MEDIUM] Magento security mitigation bypass vulnerability
PKSA-n3wq-hxkj-qzzb CVE-2020-9692 GHSA-vqg7-8v6x-54rq
Affected version: <2.3.5-p2
Reported by:
GitHub -
[MEDIUM] Magento path traversal vulnerability
PKSA-91z4-mk4h-z382 CVE-2020-9689 GHSA-fr6f-xmfx-rrpq
Affected version: <2.3.5-p2
Reported by:
GitHub -
[CRITICAL] Magento business logic error vulnerability
PKSA-y4vw-rdhk-sn74 CVE-2020-9630 GHSA-5j4w-v87m-8r65
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[CRITICAL] Magento security mitigation bypass vulnerability
PKSA-1wqx-1cnj-jtp2 CVE-2020-9632 GHSA-6w29-x5j4-qhrw
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[CRITICAL] Magento security mitigation bypass vulnerability
PKSA-wwnj-swgj-jknn CVE-2020-9631 GHSA-gffx-9f36-r8wp
Affected version: <=2.2.11|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[HIGH] Magento defense-in-depth security mitigation vulnerability
PKSA-sgdg-25nh-np4c CVE-2020-9591 GHSA-w7rh-9w5v-rwqj
Affected version: <=2.2.11|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-n9xc-krkj-r2rd CVE-2020-9582 GHSA-c3m4-hxv9-4mxj
Affected version: <2.2.12|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-mznr-75rk-j8zy CVE-2020-9583 GHSA-c55h-7q4j-g6rq
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[MEDIUM] Magento Stored cross-site scripting
PKSA-7nyp-tyvm-1rdx CVE-2020-9584 GHSA-45h4-6gcj-6hwv
Affected version: <2.2.12|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento Defense-in-depth security mitigation vulnerability
PKSA-n8n5-6cpw-fk4g CVE-2020-9585 GHSA-55gv-hfg3-hwjq
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[HIGH] Magento authorization bypass vulnerability
PKSA-zsx8-bvvd-km6v CVE-2020-9587 GHSA-8wm7-h2qh-ff4c
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[HIGH] Magento Signature verification bypass
PKSA-wspv-8fs3-txw3 CVE-2020-9588 GHSA-j2r4-2cr6-h3r3
Affected version: <2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-g7vm-z2q8-7j7n CVE-2020-9576 GHSA-4f7x-gjqc-qqpg
Affected version: <2.2.12|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-pvdt-18mg-45y5 CVE-2020-9577 GHSA-689w-2f93-2x67
Affected version: <2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-qwf4-q3k1-nwcz CVE-2020-9578 GHSA-724x-gqhv-9c5x
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[CRITICAL] Magento Security mitigation bypass vulnerability
PKSA-dggw-rfy7-2ck2 CVE-2020-9579 GHSA-vrp3-wc28-qg2h
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[CRITICAL] Magento Security mitigation bypass vulnerability
PKSA-y417-v5jy-hdq4 CVE-2020-9580 GHSA-j2jp-58gv-g2pg
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-5gvz-2437-gh1r CVE-2020-9581 GHSA-2w2x-7qgj-4x78
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-cc2t-kk7v-64hm CVE-2020-3715 GHSA-mgg3-v948-2vgr
Affected version: <=2.2.10|>=2.3.0,<=2.3.3
Reported by:
GitHub -
[CRITICAL] Magento deserialization vulnerability
PKSA-gwp5-bgz9-66q7 CVE-2020-3716 GHSA-9wc9-498w-h8xv
Affected version: >=2.3.0,<2.3.4|>=2.2.0,<2.2.11
Reported by:
GitHub -
[MEDIUM] Magento Path Traversal
PKSA-8zfy-sv4h-2bcj CVE-2020-3717 GHSA-874g-pxqp-frqp
Affected version: >=2.3.0,<2.3.4|>=2.2.0,<2.2.11
Reported by:
GitHub -
[CRITICAL] Magento security bypass vulnerability
PKSA-ct8f-pj9p-dqrm CVE-2020-3718 GHSA-x9p7-vgp2-9pq2
Affected version: <=2.2.10|>=2.3.0,<=2.3.3
Reported by:
GitHub -
[HIGH] Magento sql injection vulnerability
PKSA-q23r-htfp-sg1j CVE-2020-3719 GHSA-rr59-pjwj-6grj
Affected version: <=2.2.10|>=2.3.0,<=2.3.3
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-f461-4xh2-5s64 CVE-2020-3758 GHSA-p5q3-xg47-653m
Affected version: <=2.2.10|>=2.3.0,<=2.3.3
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition RCE Vulnerability
PKSA-c6n2-3zfm-6t3j CVE-2019-8232 GHSA-6vc8-3xf2-qrxx
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-nsqz-jbjd-kp92 CVE-2019-8150 GHSA-p783-gj6m-9r88
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento Server-Side Request Forgery (SSRF)
PKSA-qhdb-5pz9-bfpb CVE-2019-8151 GHSA-f73h-224c-62qr
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition SSRF vulnerability
PKSA-fm5t-q3zd-rvpy CVE-2019-8156 GHSA-775w-gx3f-4j4f
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento Cross-Site Scripting via admin panel
PKSA-bmmw-67v7-w9s2 CVE-2019-8157 GHSA-vrw4-34p5-pjg5
Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10
Reported by:
GitHub -
[CRITICAL] Magento 2 Community Edition XML Injection
PKSA-cywq-q3qm-4wgf CVE-2019-8158 GHSA-8p5c-f836-m4h7
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-bsg9-hcsz-qpvg CVE-2019-8159 GHSA-47h6-hfpv-7phj
Affected version: >=2.3,<2.3.2-p2|>=2.2,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento Injection vulnerability via email templates
PKSA-6vvy-5djb-bykh CVE-2019-8143 GHSA-94q8-gx29-6mqv
Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-3b5s-zmzv-sgt9 CVE-2019-8146 GHSA-6m27-3r8q-c7f7
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-sgrx-cngg-rm5s CVE-2019-8147 GHSA-v8fg-p27h-mxjp
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-dfqb-pjyz-hn7r CVE-2019-8152 GHSA-jjmg-xmq2-g6ff
Affected version: >=2.3,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento Cross-site Scripting (XSS)
PKSA-7dth-n7fv-ctkq CVE-2019-8153 GHSA-273r-v888-vgc6
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento SQL injection via marketing account with access to email templates variables
PKSA-bkyb-htnd-17kr CVE-2019-8134 GHSA-45gj-78hc-4mvc
Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-3nq5-2vq2-553v CVE-2019-8137 GHSA-jrjx-8gmw-jj2q
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-csvw-hxtm-xbm2 CVE-2019-8138 GHSA-85xw-3hp5-6fmc
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-b8s7-yxgs-fw59 CVE-2019-8139 GHSA-gjjm-4x3g-3h33
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento Unrestricted file upload vulnerability
PKSA-jwzn-2m9s-vd1q CVE-2019-8140 GHSA-7pr3-34rg-g53m
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-pyks-35rb-jzmw CVE-2019-8141 GHSA-9wr9-fw9v-8fgr
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10|>=2.1.0,<2.1.19
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-jq74-6mvr-h8d7 CVE-2019-8142 GHSA-298q-wv2h-v5vw
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-bxny-d2nz-nqrq CVE-2019-8122 GHSA-5v5p-x8c2-mqxp
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10|>=2.1.0,<2.1.19
Reported by:
GitHub -
[MEDIUM] Magento Cross-Site Scripting via store name
PKSA-48w1-3cm7-b3mr CVE-2019-8128 GHSA-mhwc-4w67-xq2c
Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento Cross-Site Scripting via Signifyd Guarantee Option Translation Override
PKSA-py8x-n551-jh51 CVE-2019-8129 GHSA-wg25-j79r-v5wp
Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10
Reported by:
GitHub -
[HIGH] Magento SQL injection vulnerability
PKSA-b98b-r27g-3whb CVE-2019-8130 GHSA-x42g-82pp-4v6g
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-8hnw-k6sr-1tz7 CVE-2019-8131 GHSA-vx7m-v8v2-fhwm
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-679r-qzyt-582r CVE-2019-8132 GHSA-g378-6fg4-gx3v
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[CRITICAL] Magento 2 Community Edition Insecure Component
PKSA-tc94-96z5-n94c CVE-2019-8136 GHSA-xgcp-59g2-wm8g
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-n3j3-cfxq-c1ph CVE-2019-8115 GHSA-29mr-gr4c-vf9c
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-tf98-htxw-83v5 CVE-2019-8117 GHSA-v99w-jxr4-w6mc
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Weak Cryptography
PKSA-c1rn-45xr-jkf2 CVE-2019-8118 GHSA-hmch-9947-82rj
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10|>=2.1.0,<2.1.19
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-hnh9-1zv5-f3f5 CVE-2019-8119 GHSA-j63v-wcf9-c9hm
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10|>=2.1.0,<2.1.19
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-ckkf-3r2x-fzy4 CVE-2019-8120 GHSA-985w-mqqp-7287
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10|>=2.1.0,<2.1.19
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Insufficient Logging
PKSA-fdk6-2v1x-rbvv CVE-2019-8123 GHSA-fp5m-4mqh-849p
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10|>=2.1.0,<2.1.19
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Insufficient Logging
PKSA-pzpb-xm2t-7gn5 CVE-2019-8124 GHSA-x5q5-6wvf-2fpq
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10|>=2.1.0,<2.1.19
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition SQLi Vulnerability
PKSA-31s6-v3xn-nkq8 CVE-2019-8127 GHSA-2x2q-2xpv-mcf9
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-scxb-tvk9-vdzf CVE-2019-8092 GHSA-56hf-w8gm-448q
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento Information Disclosure via File upload functionality
PKSA-1b2b-ycnm-4r37 CVE-2019-8093 GHSA-32x5-6p4q-q8jh
Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Arbitrary File Deletion
PKSA-vwkf-dxfp-nbhc CVE-2019-8107 GHSA-2cg3-w597-rjfv
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento Broken authentication and session managememt
PKSA-w434-3qwk-kv8d CVE-2019-8108 GHSA-92ph-xm9v-cg3j
Affected version: >=2.3,<2.3.2-p2|>=2.2,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability via CSRF
PKSA-z8gp-vddj-n4zr CVE-2019-8109 GHSA-x72m-p4qc-p7rv
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-h5tp-xpn5-8yfv CVE-2019-8110 GHSA-gfcq-wh3g-c6h4
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-8tjm-5z92-mc1r CVE-2019-8111 GHSA-2crc-5vq6-386r
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Security Bypass
PKSA-d4pg-bzsk-tptc CVE-2019-8112 GHSA-p9vf-4jx2-5hpp
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Weak PRNG
PKSA-ng8m-kd7x-wj3w CVE-2019-8113 GHSA-c4r2-3f9r-rwp8
Affected version: >=2.3.0,<2.3.2-p1|>=2.2.0,<2.2.10
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-qvmd-xx88-c5j8 CVE-2019-8114 GHSA-crv7-r357-gw3w
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10|<1.9.4.3
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Arbitrary File Deletion
PKSA-8gjt-9dy8-4vyy CVE-2019-8090 GHSA-653q-vqm6-gmjm
Affected version: >=2.3.0,<2.3.3|>=2.2.0,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition CSRF vulnerability
PKSA-1vkn-tbzc-c3xx CVE-2019-7947 GHSA-w392-68rg-pgg4
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Access Control Bypass
PKSA-fm7h-gpg4-64xt CVE-2019-7950 GHSA-2fhr-f6q6-c4p2
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Information Leak
PKSA-p7wg-4kdr-cnvc CVE-2019-7951 GHSA-5j25-5hjr-w7m2
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Unrestricted File Upload
PKSA-7jnx-9f1y-z2q9 CVE-2019-7930 GHSA-3h69-4frw-g2jm
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-3qwr-xdhk-k5j7 CVE-2019-7932 GHSA-969v-mwp3-4mr3
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-6225-yc2w-48sp CVE-2019-7934 GHSA-77mv-p94f-qcq4
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-bmkb-khn5-15rw CVE-2019-7935 GHSA-5c4g-p858-498x
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-v7d4-xgqk-4m8z CVE-2019-7936 GHSA-mf6x-7766-5cg8
Affected version: >=2.1.0,<2.1.18|>=2.2.0,<2.2.9|>=2.3.0,<2.3.2
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-m6c2-x42w-61fs CVE-2019-7937 GHSA-94fc-rxhv-vvf8
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-dg4h-7nhh-wxr2 CVE-2019-7938 GHSA-mgfr-44wv-hqv6
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Reflected cross-site scripting on customer cart page
PKSA-nmmr-st31-hfzb CVE-2019-7939 GHSA-r728-jwf5-f5r5
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Cross-site Scripting Vulnerability
PKSA-vdww-5tkw-w776 CVE-2019-7940 GHSA-cgm7-gjhw-rrf6
Affected version: >2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE
PKSA-y8bc-jkmc-pn52 CVE-2019-7942 GHSA-vvf9-fxhv-4rgj
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-xrcf-h4ws-ypw4 CVE-2019-7944 GHSA-3mxq-v9rw-m6x9
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-9szb-vxsf-mjb8 CVE-2019-7945 GHSA-c45w-p293-7cv6
Affected version: >=2.2.0,<2.2.9|>=2.3.0,<2.3.2|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Server-Side Request Forgery vulnerability
PKSA-d9g6-fdzr-4k86 CVE-2019-7911 GHSA-33cj-w75f-49m2
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento Filter extension bypass via crafted store configuration keys
PKSA-rgt4-vr3q-bgct CVE-2019-7912 GHSA-f8h9-7rpq-7qcc
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition SSRF vulnerability
PKSA-kmgb-r1fz-ww15 CVE-2019-7913 GHSA-hppc-rpfp-r8qw
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition DoS vulnerability
PKSA-7ht4-21cg-2x9b CVE-2019-7915 GHSA-prw8-gqwp-f7fh
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Cross-site Scripting Vulnerability
PKSA-nbfx-11jk-t1mq CVE-2019-7921 GHSA-gg96-8w9x-7rx9
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition SSRF vulnerability
PKSA-6vvy-fhnn-wtyv CVE-2019-7923 GHSA-hvcp-jvx5-4pmp
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Insecure Direct Object Reference (IDOR) vulnerability
PKSA-x6gn-p4vg-ygyq CVE-2019-7925 GHSA-7g5j-q8qj-8984
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-8qtx-91bs-4pft CVE-2019-7926 GHSA-525g-rvh4-v5c9
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-95rg-d91v-6dmd CVE-2019-7927 GHSA-r68f-45jg-64m6
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition DoS vulnerability
PKSA-2gy3-zqdm-x2vb CVE-2019-7928 GHSA-hrg3-4q56-p2q5
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Information Disclosure
PKSA-twcf-4ws1-3d1d CVE-2019-7929 GHSA-h522-94xp-2xr6
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Injection Vulnerability
PKSA-xb6b-k5kr-gn15 CVE-2019-7889 GHSA-hxmp-jcqj-83hm
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition IDOR Vulnerability
PKSA-sg8t-hjy9-9kbh CVE-2019-7890 GHSA-3pgc-7jf3-5x5g
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability via SSRF
PKSA-84dj-rdbf-c626 CVE-2019-7892 GHSA-w3r8-fxv5-58pp
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-fcv1-zy4y-1xy4 CVE-2019-7895 GHSA-mw5w-cf76-73m8
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-h231-t5m1-jrk4 CVE-2019-7896 GHSA-2x55-mg9r-24f7
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-32nb-j63q-gjrd CVE-2019-7897 GHSA-jxp3-mmw7-8285
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Information Disclosure
PKSA-dxh2-mvvs-3n85 CVE-2019-7898 GHSA-vqxq-3wqv-r9xp
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Information Disclosure
PKSA-p59z-19r4-kqpk CVE-2019-7899 GHSA-274w-2j5w-m2xj
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-k775-6njr-xj6w CVE-2019-7903 GHSA-jhvh-mjfg-5m99
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Insufficient Access Controls
PKSA-djzr-xqvv-1cmt CVE-2019-7904 GHSA-5hcx-vg88-hgpm
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Cross-site Scripting in the admin panel
PKSA-gkyh-n3h9-x4qj CVE-2019-7908 GHSA-mgfv-4whf-c574
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Cross-site Scripting Vulnerability
PKSA-59jz-7s4b-zkmx CVE-2019-7909 GHSA-pw2f-m22m-p75c
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-18q2-q6dv-mf63 CVE-2019-7880 GHSA-ccjm-rgm5-rjjh
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-36nb-s7sk-c173 CVE-2019-7882 GHSA-ff7r-7rrm-wx6w
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-sm64-brpw-rshc CVE-2019-7885 GHSA-mp9r-rh95-f8f8
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Cryptographic Flaw
PKSA-s1qq-6q1j-9th1 CVE-2019-7886 GHSA-c2gg-rrhc-fvvg
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Cross-site Scripting Vulnerability
PKSA-gbqc-bvb9-9yy4 CVE-2019-7887 GHSA-rj8f-g5gm-jw5c
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Information Disclosure
PKSA-5p9s-cwky-6dng CVE-2019-7888 GHSA-9pgc-rvp9-rqv3
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Stored cross-site scripting in admin panel
PKSA-979z-t77r-nm9r CVE-2019-7863 GHSA-p8gw-x2p7-vc73
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Cross-site Scripting in the admin panel
PKSA-fy8w-h495-w7xm CVE-2019-7868 GHSA-g4jh-vxqm-6fff
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Stored Cross-site Scripting vulnerability in the admin panel
PKSA-45wc-pj44-v8mp CVE-2019-7869 GHSA-9f4p-3jgf-98f5
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Unsafe File Upload
PKSA-25b2-wdbm-q6gb CVE-2019-7871 GHSA-v527-6h5r-cfg8
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Insufficient authorization check when adding users to company accounts
PKSA-b8wf-ncst-41bd CVE-2019-7872 GHSA-pfxv-66r9-4gqw
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Cross-site Scripting Vulnerability
PKSA-7myd-h133-31bh CVE-2019-7873 GHSA-8578-mmf4-f327
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-n41x-6fjd-pbhc CVE-2019-7874 GHSA-8v75-8jj8-77gf
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Cross-site Scripting Vulnerability
PKSA-qdyn-wnkp-1cdg CVE-2019-7875 GHSA-qmwh-rh2g-3682
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-fqj1-pmzb-b8rc CVE-2019-7876 GHSA-6qh6-v99h-vh4c
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-pzsy-p4mw-15rs CVE-2019-7877 GHSA-v5m6-2m78-4vr2
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-d3xs-2f8k-m6gy CVE-2019-7881 GHSA-7xqv-jgv6-x2h8
Affected version: >=2.3,<2.3.2|>=2.2,<2.2.9|>=2.1,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition IDOR Vulnerability
PKSA-ywt6-q3kk-gxfg CVE-2019-7854 GHSA-hpxv-vpfv-7jc9
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento Cross-Site Request Forgery (CSRF)
PKSA-6j3j-gm8y-rc6r CVE-2019-7857 GHSA-f6ww-vqw2-xp3v
Affected version: >=2.3.0,<2.3.2|>=2.1.0,<2.1.18|>=2.2.0,<2.2.9
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Cryptographic Flaw
PKSA-nc5q-hsjb-nxjh CVE-2019-7858 GHSA-7h8v-f2g9-39fx
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Path Traversal Vulnerability
PKSA-7ndn-m4p2-skgr CVE-2019-7859 GHSA-hqhf-8jgc-h5hx
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Weak PRNG
PKSA-kr2n-7tmt-smd3 CVE-2019-7860 GHSA-8v9h-m7pj-hx7c
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Unsafe File Upload
PKSA-wf45-5g83-626w CVE-2019-7861 GHSA-j837-vm6w-6qcv
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-yz4h-918d-tckn CVE-2019-7862 GHSA-m3v2-r236-5xgq
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition IDOR Vulnerability
PKSA-vfqm-7mcx-wv3z CVE-2019-7864 GHSA-c33v-23rx-7qqc
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition CSRF Vulnerability
PKSA-qdpz-t83k-v8sb CVE-2019-7865 GHSA-wmrg-w9vg-7jqx
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-m57x-bvbm-wx42 CVE-2019-7866 GHSA-3ccx-7588-r6c6
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-zh21-4ckz-k1s6 CVE-2019-7867 GHSA-vx2g-f45p-j674
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition Session Fixation Check
PKSA-qbw8-9xzk-d6mr CVE-2019-7849 GHSA-v797-hfv8-v2xm
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition CSRF vulnerability
PKSA-jyw5-h1kg-cmsw CVE-2019-7851 GHSA-mhvf-j94g-3qp7
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Path Disclosure
PKSA-yqxx-rqqn-1k2k CVE-2019-7852 GHSA-xcgp-c6hp-cj4r
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-459s-yv3w-9p2k CVE-2019-7853 GHSA-mjgf-xmrr-6gvx
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Cryptographic Flaw
PKSA-cbx3-bnkd-c575 CVE-2019-7855 GHSA-2w26-gmqm-mc5p
Affected version: >=2.3.0,<2.3.2|>=2.2.0,<2.2.9|>=2.1.0,<2.1.18
Reported by:
GitHub -
[HIGH] Unauthenticated crypto and weak IV in Magento\Framework\Encryption
PKSA-4kzn-6ry6-q5bh CVE-2016-6485 GHSA-h7qw-mxrm-c6h2
Affected version: >=2.0,<2.2.6
Reported by:
GitHub -
[MEDIUM] Composer JavaScript injection possible via html comments
PKSA-s6vd-ty4r-kfmx CVE-2019-8233 GHSA-fm68-89m8-4gjj
Affected version: >=2.3,<2.3.3|>=2.2,<2.2.10
Reported by:
GitHub -
[MEDIUM] Magento Cross-Site Scripting via Attribute Set Name
PKSA-hz8p-nfph-r554 CVE-2019-8145 GHSA-xv69-f7x5-r4qw
Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10
Reported by:
GitHub -
[MEDIUM] Bypass of sitemp access restrictions
PKSA-cx8c-7d4c-tj9s CVE-2019-8133 GHSA-62fx-3v4f-mwxm
Affected version: >=2.3,<2.3.2-p2|>=2.2,<2.2.10
Reported by:
GitHub -
[CRITICAL] Remote code execution via vulnerable Symphony dependecy injection
PKSA-8b5m-cnkc-vf8p CVE-2019-8135 GHSA-3q5x-7mxp-rp6j
Affected version: >=2.3,<2.3.2-p2|>=2.2,<2.2.10
Reported by:
GitHub -
[HIGH] Using JS libraries with known security vulnerabilities
PKSA-yc8x-7wf5-7ms7 CVE-2019-8121 GHSA-89ch-hqf9-rgp3
Affected version: >=2.3,<2.3.3|>=2.2,<2.2.10
Reported by:
GitHub -
[MEDIUM] Information disclosure through processing of external XML entities
PKSA-25tw-5qhs-qn2g CVE-2019-8126 GHSA-427g-2r83-3ccm
Affected version: >=2.3,<2.3.2-p2|>=2.2,<2.2.10
Reported by:
GitHub