magento/project-community-edition Security Advisories (100)
-
[CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce
PKSA-yyc4-y66r-jjjj CVE-2025-24434 GHSA-fppq-f2m6-xv5c
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-z2xt-wddc-4p24 CVE-2025-24438 GHSA-8884-7rm9-mrx4
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Business Logic Error vulnerability
PKSA-tvs5-ndw3-3gtb CVE-2025-24425 GHSA-6ff8-jrfg-43hh
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-9ydt-2mcr-32qb CVE-2025-24427 GHSA-v3hq-g424-5mgg
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-tpt2-8yg8-qn5g CVE-2025-24428 GHSA-mm87-rrqx-94cr
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Improper Access Control vulnerability
PKSA-ypn7-w7vg-dsq3 CVE-2025-24429 GHSA-656q-fx2w-8ccv
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-8p2p-vnj4-yrk7 CVE-2025-24430 GHSA-6w27-c66f-gvhq
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-1bhd-hgqf-cyxr CVE-2025-24432 GHSA-7jmr-43qj-pw47
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-y1b3-85dn-dn7m CVE-2025-24435 GHSA-82p4-55gj-956p
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-y865-mwrz-phms CVE-2025-24436 GHSA-ghpr-6qhr-rpp8
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-c2zm-21rv-25c6 CVE-2025-24437 GHSA-469f-wf4f-3jjv
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Adobe Commerce Path Traversal
PKSA-dh2d-5mwk-96tg CVE-2025-24406 GHSA-954p-ff72-327w
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Information Exposure vulnerability
PKSA-xr11-y3bp-dn74 CVE-2025-24408 GHSA-3cfg-w257-cgf8
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Adobe Commerce Improper Authorization vulnerability
PKSA-dc79-d7y1-hqyg CVE-2025-24409 GHSA-vw47-79jv-3598
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-45vf-bpkb-pjdf CVE-2025-24410 GHSA-gjxp-46rq-wg4q
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Improper Access Control vulnerability
PKSA-yzxf-m1fz-3vtv CVE-2025-24411 GHSA-36hw-x3cc-m258
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-gf1j-gp76-gfxd CVE-2025-24412 GHSA-m4rg-mpp2-97px
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-7y5d-fvj3-6td4 CVE-2025-24413 GHSA-xwgx-8v72-4j5j
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-9j9m-fy1m-zf94 CVE-2025-24414 GHSA-fhw6-3mj5-w9gv
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-5pvr-47mr-pm8m CVE-2025-24415 GHSA-gc27-rvvm-q77r
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-hvsj-kptj-27zf CVE-2025-24416 GHSA-rjjw-g6hw-7pc9
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-mp6w-9p7n-6ssm CVE-2025-24417 GHSA-g3j6-9753-8mp2
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Incorrect Authorization vulnerability
PKSA-s18y-x3y8-m1x1 CVE-2025-24421 GHSA-v6r2-425c-hfrr
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-951b-x3mq-6x75 CVE-2025-24424 GHSA-539v-w87w-w62c
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Open Source allows Improper Input Validation
PKSA-wvp2-5kwd-g52c CVE-2024-20758 GHSA-wh4m-6rh3-p4rq
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Cross-Site Scripting (XSS)
PKSA-31mc-ry3y-ky5k CVE-2024-20759 GHSA-59vf-hjxc-f9c5
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Open Source allows OS Command Injection
PKSA-pn4n-ncsn-pdpm CVE-2024-20720 GHSA-525f-pvj5-vqmq
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Open Source allows Cross-Site Scripting (XSS)
PKSA-13kv-2zmp-2qfd CVE-2024-20719 GHSA-264g-f7v8-q5qq
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Cross-Site Request Forgery (CSRF)
PKSA-8z11-z9kc-6gmc CVE-2024-20718 GHSA-hqgj-4396-hmxv
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Uncontrolled Resource Consumption
PKSA-dqz5-4xcm-g2zn CVE-2024-20716 GHSA-c9h9-h5gf-885r
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Uncontrolled Resource Consumption
PKSA-rq6g-gs41-zrhx CVE-2023-38251 GHSA-7pfc-834q-h497
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows SQL Injection
PKSA-vjc5-g3tb-vz4s CVE-2023-38250 GHSA-h3g9-cwr6-hphx
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows SQL Injection
PKSA-qg8c-sscf-zdxj CVE-2023-38249 GHSA-rq36-9f5f-2gw7
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Server-Side Request Forgery (SSRF)
PKSA-f98b-p1g7-d3k1 CVE-2023-26366 GHSA-8jxc-5f94-22vh
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source has Improper Input Validation Vulnerability
PKSA-bxnr-t1zg-rw75 CVE-2023-26367 GHSA-9mx6-4gg4-85xj
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-t7gh-79wr-5532 CVE-2023-38218 GHSA-rpc7-gf58-v3x2
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Open Source allows Cross-Site Scripting (XSS)
PKSA-wf47-mk9w-64bn CVE-2023-38219 GHSA-3j7w-jp46-9752
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Improper Authorization
PKSA-bjs7-4spx-mkj7 CVE-2023-38220 GHSA-grc6-r6f8-xj7c
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows SQL Injection
PKSA-397d-r1wd-gxct CVE-2023-38221 GHSA-ggr8-3hwx-4f2m
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source affected by Improper Input Validation
PKSA-7dkv-7f5x-vd4n CVE-2022-24093 GHSA-5xmp-7wg5-x68q
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-hf5g-nxyv-9rq1 CVE-2023-38209 GHSA-3vg2-v639-6ch9
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Open Source allows Improper Neutralization of Special Elements Used
PKSA-2h91-x29g-knck CVE-2023-38208 GHSA-mxc9-g6m4-2v35
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Open Source allows XML Injection
PKSA-w77r-d31j-s553 CVE-2023-38207 GHSA-rpv2-g4pc-wp72
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Server-Side Request Forgery (SSRF)
PKSA-nypk-79pn-d4d9 CVE-2023-29291 GHSA-5f79-vhr4-vw2r
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Server-Side Request Forgery (SSRF)
PKSA-q7vj-nkkk-2f4n CVE-2023-29292 GHSA-4588-7x48-jrgj
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-4sd4-zdhg-q6p3 CVE-2023-29290 GHSA-qw5m-vmp3-f553
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Open Source affected by Improper Input Validation
PKSA-7g4s-7b1v-ncqf CVE-2023-29293 GHSA-66c9-xrwj-9xv6
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Open Source has Business Logic Errors Vulnerability
PKSA-88j6-sqdg-73f7 CVE-2023-29294 GHSA-28vp-39rf-3q2j
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Open Source allows Incorrect Authorization
PKSA-y2vf-pgxy-f96y CVE-2023-29295 GHSA-354h-fpmq-68v7
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento Open Source allows Incorrect Authorization
PKSA-t1pm-nxqg-x3sk CVE-2023-29296 GHSA-3qr4-w96f-672v
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Open Source allows Improper Neutralization of Special Elements Used
PKSA-pry8-1m8v-12x9 CVE-2023-29297 GHSA-gfmm-ww6f-5mm5
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-fhd6-13sx-5c9s CVE-2023-29288 GHSA-f989-3fp9-q3r2
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows XML Injection
PKSA-3ctk-j6rb-p8sd CVE-2023-29289 GHSA-wh42-8r2w-873x
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Information Exposure
PKSA-szdb-9t2m-hxqf CVE-2023-29287 GHSA-85m4-g9vq-xpxj
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source affected by Improper Input Validation
PKSA-whgb-ymvs-9ndx CVE-2023-22248 GHSA-5jfg-phx7-7fxg
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-jd5x-4m6x-4vs6 CVE-2023-22251 GHSA-2wm7-mmgc-qxr3
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Improper Access Control
PKSA-7dmw-wjmr-z2g6 CVE-2023-22250 GHSA-4h7p-4vq8-g2gh
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Open Source allows XML Injection
PKSA-p9r2-cr37-khfw CVE-2023-22247 GHSA-2444-8gj8-6fmx
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Improper Access Control
PKSA-f4cm-wnhb-z3r9 CVE-2022-35689 GHSA-5fxx-jwjm-x9hj
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
PKSA-43r1-4qf6-jnjt CVE-2022-35698 GHSA-4vj2-426r-jm3g
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source has Improper Access Control vulnerability
PKSA-qzv8-1n8s-nwtw CVE-2022-35692 GHSA-gm4m-9rm8-7rxj
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Open Source allows Cross-Site Request Forgery (CSRF)
PKSA-f81b-kr8n-1cqx CVE-2021-39864 GHSA-94wq-87g6-8h77
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Improper Authorization vulnerability in the customers module
PKSA-6s73-s4rz-4fyb CVE-2021-28567 GHSA-cc3w-r3w8-hfh7
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
PKSA-1s1d-4jtm-mgtx CVE-2021-28583 GHSA-7gh6-f4jh-3crq
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies
PKSA-jcpc-gqzs-vckj CVE-2021-28556 GHSA-39ch-rg26-gmq5
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Improper input validation vulnerability
PKSA-kf59-4nmv-jgxn CVE-2021-28585 GHSA-c38m-9668-6j2w
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Path Traversal vulnerability
PKSA-wsvj-3mm9-cfsj CVE-2021-28584 GHSA-7gpv-xrjr-f5h4
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Insufficient Session Expiration
PKSA-zczy-vth9-dsr8 CVE-2021-21031 GHSA-4h3p-63x6-vwg2
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Insecure Direct Object Reference (IDOR) in the product module
PKSA-m69c-bhkr-wybc CVE-2021-21022 GHSA-8pfq-g48p-x7w8
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento stored cross-site scripting vulnerability in the admin console
PKSA-2j3k-3g44-cnjj CVE-2021-21023 GHSA-h5rm-m772-6qcx
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento improper authorization vulnerability in the integrations module
PKSA-4v3y-vz4c-v2jc CVE-2021-21026 GHSA-crjc-2v9m-8w7r
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento stored cross-site scripting (XSS) in the customer address upload feature
PKSA-sv5d-15yf-jkvt CVE-2021-21030 GHSA-6988-g89m-27vf
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Insufficient Session Expiration
PKSA-srzx-p6c6-js6b CVE-2021-21032 GHSA-4jfq-f8hc-775q
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
PKSA-nr3b-gd6w-ssxv CVE-2021-21027 GHSA-h4xc-577p-hgj9
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento XPath Injection
PKSA-vf7x-93bd-9dxz CVE-2021-21025 GHSA-h437-qjj9-vmq4
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Improper Access Control
PKSA-g3cj-592k-1jnk CVE-2021-21020 GHSA-2j6v-829g-885q
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento vulnerable to a file upload restriction bypass
PKSA-9362-vs4v-j6vt CVE-2021-21014 GHSA-269w-pqc7-68q9
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento OS command injection via the WebAPI
PKSA-3x4h-dj99-1bb6 CVE-2021-21016 GHSA-792f-c8mp-2cr5
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento 2 Community Edition RCE via Unsafe File Upload
PKSA-5gcm-4f3h-ccq3 CVE-2020-24407 GHSA-7pxg-6p87-8c9v
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento 2 Community Edition Incorrect Authorization
PKSA-897p-xmvy-tt74 CVE-2020-24401 GHSA-f2g3-3c6q-4478
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento incorrect permissions vulnerability in the Integrations component
PKSA-k3wv-nm33-qyds CVE-2020-24402 GHSA-hvf5-4jr9-fghh
Affected version: <=2.0.2
Reported by: GitHub
-
[LOW] Magento incorrect user permissions vulnerability within the Inventory component
PKSA-z7pr-jrtx-p1ns CVE-2020-24403 GHSA-39rw-4m66-82gf
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento DOM-based Cross-site scripting vulnerability
PKSA-hwcd-t2bm-dpxv CVE-2020-9691 GHSA-g7pc-799q-743f
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento path traversal vulnerability
PKSA-vn8z-wfpr-9z9r CVE-2020-9689 GHSA-fr6f-xmfx-rrpq
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento business logic error vulnerability
PKSA-mxvf-4dqk-jkm7 CVE-2020-9630 GHSA-5j4w-v87m-8r65
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento security mitigation bypass vulnerability
PKSA-rwgp-ksc5-wcwr CVE-2020-9632 GHSA-6w29-x5j4-qhrw
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento security mitigation bypass vulnerability
PKSA-kxq8-h6yb-km6x CVE-2020-9631 GHSA-gffx-9f36-r8wp
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento Signature verification bypass
PKSA-b4sj-b4fw-vq95 CVE-2020-9588 GHSA-j2r4-2cr6-h3r3
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento authorization bypass vulnerability
PKSA-xt9x-ch8p-mqqg CVE-2020-9587 GHSA-8wm7-h2qh-ff4c
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento Defense-in-depth security mitigation vulnerability
PKSA-7h8p-1s1w-tr6y CVE-2020-9585 GHSA-55gv-hfg3-hwjq
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento Stored cross-site scripting
PKSA-pn9b-bn7v-6qgq CVE-2020-9584 GHSA-45h4-6gcj-6hwv
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento command injection vulnerability
PKSA-z6wq-jnnt-bc5n CVE-2020-9583 GHSA-c55h-7q4j-g6rq
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento command injection vulnerability
PKSA-d3r6-279w-y1d1 CVE-2020-9582 GHSA-c3m4-hxv9-4mxj
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-85pv-nkv7-zjm3 CVE-2020-9581 GHSA-2w2x-7qgj-4x78
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento command injection vulnerability
PKSA-n1g6-9qfx-sxg9 CVE-2020-9576 GHSA-4f7x-gjqc-qqpg
Affected version: <=2.0.2
Reported by: GitHub
-
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-bk74-986b-ccds CVE-2020-9577 GHSA-689w-2f93-2x67
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento command injection vulnerability
PKSA-7t4x-z168-kw9z CVE-2020-9578 GHSA-724x-gqhv-9c5x
Affected version: <=2.0.2
Reported by: GitHub
-
[CRITICAL] Magento Security mitigation bypass vulnerability
PKSA-fbhc-z78m-yk4d CVE-2020-9580 GHSA-j2jp-58gv-g2pg
Affected version: <=2.0.2
Reported by: GitHub
-
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-dj7f-ngy7-v828 CVE-2019-8114 GHSA-crv7-r357-gw3w
Affected version: <1.9.4.3
Reported by: GitHub
-
[HIGH] Unauthenticated crypto and weak IV in Magento\Framework\Encryption
PKSA-whwg-zcv6-qs4x CVE-2016-6485 GHSA-h7qw-mxrm-c6h2
Affected version: >=2.0,<=2.0.2
Reported by: GitHub