magento/community-edition Security Advisories for 0.42.0-beta7 (117)
-
[CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce
PKSA-dkfb-rbxq-yjwm CVE-2025-24434 GHSA-fppq-f2m6-xv5c
Affected version: <2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4|>=2.4.8-beta1,<2.4.8-beta2
Reported by:
GitHub -
[MEDIUM] Magento Business Logic Error vulnerability
PKSA-7r2g-km67-fzjj CVE-2025-24425 GHSA-6ff8-jrfg-43hh
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-4fbw-nxjw-pfvz CVE-2025-24427 GHSA-v3hq-g424-5mgg
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-zmv5-8rn8-bcky CVE-2025-24428 GHSA-mm87-rrqx-94cr
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Improper Access Control vulnerability
PKSA-74vv-j3wm-1rmr CVE-2025-24429 GHSA-656q-fx2w-8ccv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-3fgq-966m-4b4d CVE-2025-24430 GHSA-6w27-c66f-gvhq
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-scxw-rbh8-zprd CVE-2025-24432 GHSA-7jmr-43qj-pw47
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-5cry-7724-1qnd CVE-2025-24435 GHSA-82p4-55gj-956p
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|>=2.4.5-p1,<2.4.5-p11|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-m4dw-3q4p-45bh CVE-2025-24436 GHSA-ghpr-6qhr-rpp8
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-m5fw-drjh-dkpx CVE-2025-24437 GHSA-469f-wf4f-3jjv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-1zf5-sgkc-jzyt CVE-2025-24438 GHSA-8884-7rm9-mrx4
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Adobe Commerce Path Traversal
PKSA-1xz1-g451-tt2n CVE-2025-24406 GHSA-954p-ff72-327w
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Information Exposure vulnerability
PKSA-xvsr-wng1-pxg6 CVE-2025-24408 GHSA-3cfg-w257-cgf8
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Adobe Commerce Improper Authorization vulnerability
PKSA-tbwj-d61p-nbfx CVE-2025-24409 GHSA-vw47-79jv-3598
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-fnqn-wmgf-dz5q CVE-2025-24410 GHSA-gjxp-46rq-wg4q
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Improper Access Control vulnerability
PKSA-6bw6-vk81-1ktc CVE-2025-24411 GHSA-36hw-x3cc-m258
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-q458-hszg-5wns CVE-2025-24412 GHSA-m4rg-mpp2-97px
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-cnnr-cdx4-pzsf CVE-2025-24413 GHSA-xwgx-8v72-4j5j
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-q54t-8dp2-cc8r CVE-2025-24414 GHSA-fhw6-3mj5-w9gv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-rbtq-c7hb-whdk CVE-2025-24415 GHSA-gc27-rvvm-q77r
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-kcjr-8cb1-qp39 CVE-2025-24416 GHSA-rjjw-g6hw-7pc9
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-vygn-g55g-pygn CVE-2025-24417 GHSA-g3j6-9753-8mp2
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Incorrect Authorization vulnerability
PKSA-bfth-jyjv-9bmg CVE-2025-24421 GHSA-v6r2-425c-hfrr
Affected version: =2.4.8-beta1|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-mhqr-9knx-97tc CVE-2025-24424 GHSA-539v-w87w-w62c
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-yx36-4pvc-fy33 CVE-2024-45131 GHSA-xc5p-773w-m3pm
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authorization vulnerability
PKSA-g59s-h86c-d272 CVE-2024-45132 GHSA-5f64-ppmg-cvvm
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Information Exposure vulnerability
PKSA-k213-y2gv-f361 CVE-2024-45133 GHSA-j3mh-wx5f-2vhg
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Information Exposure vulnerability
PKSA-fg7g-5j9c-3snf CVE-2024-45134 GHSA-4f89-5cwm-rm5g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-t8cd-w48x-nzyk CVE-2024-45135 GHSA-8pxg-gcp4-57ww
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[LOW] Magento Open Source Improper Access Control vulnerability
PKSA-zp2y-jcbv-86tw CVE-2024-45149 GHSA-w7rg-7wq2-pjrw
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability
PKSA-w47m-6mjs-p6p5 CVE-2024-45116 GHSA-873m-72g6-853g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Input Validation vulnerability
PKSA-11qw-117j-ntf6 CVE-2024-45117 GHSA-3fr3-gcqh-3m2g
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Access Control vulnerability
PKSA-nmsp-4zh6-c2yy CVE-2024-45118 GHSA-cg52-68fv-94qq
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
PKSA-7ymh-b7jr-kcyn CVE-2024-45119 GHSA-g9fm-wc6h-pvgj
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-5bd5-9qvn-r6z1 CVE-2024-45120 GHSA-47jp-46c9-25vf
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-5d5h-vdxk-9rb4 CVE-2024-45121 GHSA-2qhq-fw98-h6wg
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-trg9-zwtk-rt2y CVE-2024-45122 GHSA-46fm-x82m-5f74
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
PKSA-q3cy-4db7-mxq5 CVE-2024-45123 GHSA-88x2-cq34-5fwc
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-g52f-ss82-znpd CVE-2024-45124 GHSA-w3p2-pc3h-69wv
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability
PKSA-vc9p-z4vk-zhsm CVE-2024-45125 GHSA-xg36-8c2v-jpxh
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
PKSA-rc6f-2sj1-779v CVE-2024-45127 GHSA-c89g-gq5r-2xw2
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-jqmh-mscm-q45w CVE-2024-45128 GHSA-qpp7-742q-58j3
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-8ttm-6rvp-fshh CVE-2024-45129 GHSA-m58h-998x-66f3
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-35sf-fj41-ym76 CVE-2024-45130 GHSA-v3v6-jfvw-m576
Affected version: =2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p11|>=2.4.5-p1,<2.4.5-p10|>=2.4.6-p1,<2.4.6-p8|>=2.4.7-beta1,<2.4.7-p3
Reported by:
GitHub -
[MEDIUM] Magento Open Source Path Traversal vulnerability
PKSA-dw79-2frq-sm6h CVE-2024-39406 GHSA-6pxh-2557-5cj5
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery vulnerability
PKSA-dzsz-sjtm-vq7t CVE-2024-39408 GHSA-4cj6-f32v-6hgx
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
PKSA-8qcx-d884-ntny CVE-2024-39409 GHSA-rf4q-m23c-7q8r
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
PKSA-x9tz-w7x6-ncgm CVE-2024-39410 GHSA-4323-f82v-f6jr
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Authorization vulnerability
PKSA-sh88-myrv-9t1n CVE-2024-39412 GHSA-7472-vw39-g2j3
Affected version: =2.4.4|<2.4.4-p10|=2.4.5|>=2.4.5-p1,<2.4.5-p9|=2.4.6|>=2.4.6-p1,<2.4.6-p7|=2.4.7|>=2.4.7-p1,<2.4.7-p2
Reported by:
GitHub -
[MEDIUM] Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
PKSA-zmwm-kwzt-pms6 CVE-2024-34111 GHSA-jmqp-r3gg-6jh3
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[CRITICAL] Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
PKSA-71k8-bhfg-zj3d CVE-2024-34102 GHSA-m8cj-3v68-3cxj
Affected version: =2.4.7|=2.4.6|=2.4.5|<2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4
Reported by:
GitHub -
[CRITICAL] Magento Open Source Improper Authentication vulnerability
PKSA-29px-skjv-7bmn CVE-2024-34103 GHSA-f7q4-9gwv-6774
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[HIGH] Magento Open Source Improper Authorization vulnerability
PKSA-pbd2-8ctn-8ptb CVE-2024-34104 GHSA-wwj3-573j-rvvm
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Cross-Site Scripting (XSS) vulnerability
PKSA-gc3j-nr7v-3th6 CVE-2024-34105 GHSA-5632-wq7m-gfq9
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Incorrect Authorization vulnerability
PKSA-jfkj-qxdn-854f CVE-2024-34106 GHSA-p6h9-gx5g-wg64
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[MEDIUM] Magento Open Source Improper Access Control vulnerability
PKSA-mw1m-j257-zksc CVE-2024-34107 GHSA-r7cm-g469-wm4g
Affected version: <2.4.4-p9|>=2.4.5-p1,<2.4.5-p8|>=2.4.6-p1,<2.4.6-p6|=2.4.4|=2.4.5|=2.4.6|=2.4.7
Reported by:
GitHub -
[CRITICAL] Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
PKSA-5ns3-xcrq-3bqj GHSA-prpf-cj87-hwvr
Affected version: <1.9.3.9
Reported by:
GitHub -
[HIGH] Magento Improper input validation vulnerability
PKSA-228k-hrjg-43zp CVE-2022-42344 GHSA-297f-r9w7-w492
Affected version: =2.4.4|>=2.4.0,<2.4.3-p3|<2.3.7-p4
Reported by:
GitHub -
[CRITICAL] Magento XML Injection vulnerability in the Widgets Module
PKSA-ky72-2cr3-p8cw CVE-2022-34253 GHSA-cj7w-pm77-hvg6
Affected version: >=2.4.0,<2.4.3-p3|>=2.4.4,<2.4.5|<2.3.7-p4
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Cross-Site Request Forgery (CSRF)
PKSA-sqnp-kpv9-3k99 CVE-2021-39864 GHSA-94wq-87g6-8h77
Affected version: =2.4.2|<=2.3.7-p1|=2.4.3|>=2.4.2-p1,<=2.4.2-p2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability in the customers module
PKSA-98vv-8nyb-ffc5 CVE-2021-28567 GHSA-cc3w-r3w8-hfh7
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[MEDIUM] Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies
PKSA-8582-qjd4-1g8s CVE-2021-28556 GHSA-39ch-rg26-gmq5
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[MEDIUM] Magento Unauthorized access to restricted resources
PKSA-y9kv-15rd-x7qv CVE-2021-28563 GHSA-q9xx-4689-gvv5
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[HIGH] Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
PKSA-n22f-w4n6-g3fx CVE-2021-28583 GHSA-7gh6-f4jh-3crq
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[MEDIUM] Magento Path Traversal vulnerability
PKSA-kfxc-51yz-zbnf CVE-2021-28584 GHSA-7gpv-xrjr-f5h4
Affected version: <2.3.7|>=2.4.0,<2.4.2-p1
Reported by:
GitHub -
[MEDIUM] Magento Improper input validation vulnerability
PKSA-2gm6-m4rp-6fvz CVE-2021-28585 GHSA-c38m-9668-6j2w
Affected version: >=2.4.0,<2.4.2-p1|<2.3.7
Reported by:
GitHub -
[MEDIUM] Magento Insufficient Session Expiration
PKSA-48bg-fxg1-vkpy CVE-2021-21031 GHSA-4h3p-63x6-vwg2
Affected version: <2.3.6|>=2.4.0,<2.4.1-p1
Reported by:
GitHub -
[CRITICAL] Magento XML injection in the Widgets module
PKSA-6mpp-zh74-59gd CVE-2021-21019 GHSA-mw95-gmw4-883p
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento Insecure Direct Object Reference (IDOR) in the product module
PKSA-tw4y-fk6r-w8j9 CVE-2021-21022 GHSA-8pfq-g48p-x7w8
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability in the admin console
PKSA-cv47-f2nq-tgnw CVE-2021-21023 GHSA-h5rm-m772-6qcx
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6
Reported by:
GitHub -
[CRITICAL] Magento Blind SQL Injection in the Search module
PKSA-392g-81d8-vhhm CVE-2021-21024 GHSA-rj4f-cp4v-hvcv
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento improper authorization vulnerability in the integrations module
PKSA-m4ck-h7wd-91mj CVE-2021-21026 GHSA-crjc-2v9m-8w7r
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
PKSA-njqv-gp7y-zc74 CVE-2021-21027 GHSA-h4xc-577p-hgj9
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento Reflected Cross-site Scripting vulnerability via 'file' parameter
PKSA-m8rz-jc2c-7m91 CVE-2021-21029 GHSA-jwxh-wj79-ccm6
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[HIGH] Magento stored cross-site scripting (XSS) in the customer address upload feature
PKSA-7rd2-y8tt-4pxt CVE-2021-21030 GHSA-6988-g89m-27vf
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6
Reported by:
GitHub -
[MEDIUM] Magento Insufficient Session Expiration
PKSA-whxx-hqxp-qv8z CVE-2021-21032 GHSA-4jfq-f8hc-775q
Affected version: <2.3.6|>=2.4.0,<2.4.1-p1
Reported by:
GitHub -
[CRITICAL] Magento vulnerable to a file upload restriction bypass
PKSA-yt4p-w22g-fdxr CVE-2021-21014 GHSA-269w-pqc7-68q9
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[CRITICAL] Magento OS Command Injection
PKSA-msgn-qz5c-7csr CVE-2021-21018 GHSA-rv48-v862-mp92
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control
PKSA-rx41-6862-pt82 CVE-2021-21020 GHSA-2j6v-829g-885q
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6
Reported by:
GitHub -
[CRITICAL] Magento XPath Injection
PKSA-q4sd-rbfw-bn9m CVE-2021-21025 GHSA-h437-qjj9-vmq4
Affected version: >=2.4.0,<2.4.1-p1|<2.3.6-p1
Reported by:
GitHub -
[HIGH] Magento OS command injection via the customer attribute save controller
PKSA-q4dq-szdv-ng3x CVE-2021-21015 GHSA-w2p4-2c8c-2g7h
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[CRITICAL] Magento OS command injection via the WebAPI
PKSA-g12r-tk3d-rbjb CVE-2021-21016 GHSA-792f-c8mp-2cr5
Affected version: >=2.4.0,<2.4.2|<2.3.6-p1
Reported by:
GitHub -
[MEDIUM] Magento incorrect permissions vulnerability in the Inventory module
PKSA-1278-33g9-g9k5 CVE-2020-24405 GHSA-p7m7-j8jv-393q
Affected version: >=2.4.0,<2.4.1|<=2.3.5-p2
Reported by:
GitHub -
[LOW] Magento information disclosure vulnerability
PKSA-8tng-rkwh-ddv6 CVE-2020-24406 GHSA-mr8q-7f5j-wc79
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[CRITICAL] Magento 2 Community Edition RCE via Unsafe File Upload
PKSA-wd67-z9cy-8cfd CVE-2020-24407 GHSA-7pxg-6p87-8c9v
Affected version: <=2.4.0
Reported by:
GitHub -
[HIGH] Magento SQL Injection vulnerability
PKSA-6ppv-y2gp-4ffp CVE-2020-24400 GHSA-pf6w-3pfw-fxvw
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Incorrect Authorization
PKSA-ds46-4wsj-k4fh CVE-2020-24401 GHSA-f2g3-3c6q-4478
Affected version: <=2.4.0
Reported by:
GitHub -
[MEDIUM] Magento incorrect permissions vulnerability in the Integrations component
PKSA-36s1-jszf-m523 CVE-2020-24402 GHSA-hvf5-4jr9-fghh
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[LOW] Magento incorrect user permissions vulnerability within the Inventory component
PKSA-g8kq-c8yg-8h4p CVE-2020-24403 GHSA-39rw-4m66-82gf
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[LOW] Magento 2 Community Edition vulnerable to Improper Authorization
PKSA-jj68-r2qs-83z3 CVE-2020-24404 GHSA-rwf7-652f-76mv
Affected version: =2.4.0|<2.3.6
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition XSS Vulnerability
PKSA-rs6t-7sf8-mdt8 CVE-2020-24408 GHSA-jxjc-6xmh-h7mg
Affected version: <=2.4.0
Reported by:
GitHub -
[MEDIUM] Magento observable timing discrepancy vulnerability
PKSA-sgbm-w22w-8y5q CVE-2020-9690 GHSA-xgp9-j48h-jjf9
Affected version: <2.3.5-p2
Reported by:
GitHub -
[CRITICAL] Magento DOM-based Cross-site scripting vulnerability
PKSA-1h3y-11mm-5s7z CVE-2020-9691 GHSA-g7pc-799q-743f
Affected version: <2.3.5-p2
Reported by:
GitHub -
[MEDIUM] Magento security mitigation bypass vulnerability
PKSA-n3wq-hxkj-qzzb CVE-2020-9692 GHSA-vqg7-8v6x-54rq
Affected version: <2.3.5-p2
Reported by:
GitHub -
[MEDIUM] Magento path traversal vulnerability
PKSA-91z4-mk4h-z382 CVE-2020-9689 GHSA-fr6f-xmfx-rrpq
Affected version: <2.3.5-p2
Reported by:
GitHub -
[CRITICAL] Magento business logic error vulnerability
PKSA-y4vw-rdhk-sn74 CVE-2020-9630 GHSA-5j4w-v87m-8r65
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[CRITICAL] Magento security mitigation bypass vulnerability
PKSA-1wqx-1cnj-jtp2 CVE-2020-9632 GHSA-6w29-x5j4-qhrw
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[CRITICAL] Magento security mitigation bypass vulnerability
PKSA-wwnj-swgj-jknn CVE-2020-9631 GHSA-gffx-9f36-r8wp
Affected version: <=2.2.11|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[HIGH] Magento defense-in-depth security mitigation vulnerability
PKSA-sgdg-25nh-np4c CVE-2020-9591 GHSA-w7rh-9w5v-rwqj
Affected version: <=2.2.11|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-n9xc-krkj-r2rd CVE-2020-9582 GHSA-c3m4-hxv9-4mxj
Affected version: <2.2.12|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-mznr-75rk-j8zy CVE-2020-9583 GHSA-c55h-7q4j-g6rq
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[MEDIUM] Magento Stored cross-site scripting
PKSA-7nyp-tyvm-1rdx CVE-2020-9584 GHSA-45h4-6gcj-6hwv
Affected version: <2.2.12|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento Defense-in-depth security mitigation vulnerability
PKSA-n8n5-6cpw-fk4g CVE-2020-9585 GHSA-55gv-hfg3-hwjq
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[HIGH] Magento authorization bypass vulnerability
PKSA-zsx8-bvvd-km6v CVE-2020-9587 GHSA-8wm7-h2qh-ff4c
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[HIGH] Magento Signature verification bypass
PKSA-wspv-8fs3-txw3 CVE-2020-9588 GHSA-j2r4-2cr6-h3r3
Affected version: <2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-g7vm-z2q8-7j7n CVE-2020-9576 GHSA-4f7x-gjqc-qqpg
Affected version: <2.2.12|>=2.3.0,<2.3.4-p2
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-pvdt-18mg-45y5 CVE-2020-9577 GHSA-689w-2f93-2x67
Affected version: <2.3.4-p2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-qwf4-q3k1-nwcz CVE-2020-9578 GHSA-724x-gqhv-9c5x
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[CRITICAL] Magento Security mitigation bypass vulnerability
PKSA-dggw-rfy7-2ck2 CVE-2020-9579 GHSA-vrp3-wc28-qg2h
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[CRITICAL] Magento Security mitigation bypass vulnerability
PKSA-y417-v5jy-hdq4 CVE-2020-9580 GHSA-j2jp-58gv-g2pg
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-5gvz-2437-gh1r CVE-2020-9581 GHSA-2w2x-7qgj-4x78
Affected version: >=2.3.0,<2.3.4-p2|<=2.2.11
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-cc2t-kk7v-64hm CVE-2020-3715 GHSA-mgg3-v948-2vgr
Affected version: <=2.2.10|>=2.3.0,<=2.3.3
Reported by:
GitHub -
[CRITICAL] Magento security bypass vulnerability
PKSA-ct8f-pj9p-dqrm CVE-2020-3718 GHSA-x9p7-vgp2-9pq2
Affected version: <=2.2.10|>=2.3.0,<=2.3.3
Reported by:
GitHub -
[HIGH] Magento sql injection vulnerability
PKSA-q23r-htfp-sg1j CVE-2020-3719 GHSA-rr59-pjwj-6grj
Affected version: <=2.2.10|>=2.3.0,<=2.3.3
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-f461-4xh2-5s64 CVE-2020-3758 GHSA-p5q3-xg47-653m
Affected version: <=2.2.10|>=2.3.0,<=2.3.3
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-qvmd-xx88-c5j8 CVE-2019-8114 GHSA-crv7-r357-gw3w
Affected version: >=2.3.0,<2.3.2-p2|>=2.2.0,<2.2.10|<1.9.4.3
Reported by:
GitHub -
[MEDIUM] Magento Cross-Site Request Forgery (CSRF)
PKSA-hkd6-7s85-q9n9 CVE-2018-5301 GHSA-w3mq-67mw-3p9f
Affected version: >=2.1.0,<2.1.2|<2.0.10
Reported by:
GitHub