magento/project-community-edition Security Advisories (161)
-
[HIGH] Magento provides incorrect authorization through a security feature bypass
PKSA-4r9t-ghqm-cxfc CVE-2025-54263 GHSA-69x9-xp2j-w8g8
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento vulnerable to stored Cross-Site Scripting (XSS)
PKSA-f7yq-1gbd-c3rr CVE-2025-54264 GHSA-2768-5wmv-cfff
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento allows incorrect authorization
PKSA-56cd-891c-qkty CVE-2025-54265 GHSA-r355-75hw-r8jf
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to stored Cross-Site Scripting (XSS)
PKSA-z14p-xqf4-7sm6 CVE-2025-54266 GHSA-pcrx-r49h-x2w5
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to privilege escalation due to incorrect authorization
PKSA-yfky-scjc-qkj4 CVE-2025-54267 GHSA-qvwr-p3hj-j6jf
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento Community Edition Improper Input Validation vulnerability
PKSA-dcpk-hsck-4wm2 CVE-2025-54236 GHSA-wh92-6q6g-px7j
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento vulnerable to denial of service
PKSA-xpgt-hwzp-z42c CVE-2025-49554 GHSA-xgfm-992v-h2hr
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Cross-Site Request Forgery (CSRF) vulnerability
PKSA-j4c6-522w-d5w2 CVE-2025-49555 GHSA-5777-jj7p-mpqw
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento has incorrect authorization issue that leads to arbitrary file system read
PKSA-48kk-sh8q-28n5 CVE-2025-49556 GHSA-7hrj-3c9x-xv5h
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Cross-site Scripting vulnerability
PKSA-3572-d7db-4y3z CVE-2025-49557 GHSA-8mq8-c243-2335
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-7z2m-9t27-jsqm CVE-2025-49558 GHSA-wcmw-8xpp-rwfj
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to path traversal
PKSA-qxt1-qvkm-ccm7 CVE-2025-49559 GHSA-h4f4-gv6h-x824
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Authenticated Security feature bypass
PKSA-msyb-69yd-tmh2 CVE-2025-49549 GHSA-85jx-x9r4-45m2
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Security feature bypass
PKSA-qrtj-1wyx-bhtk CVE-2025-49550 GHSA-8hcx-xvww-6c6h
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Improper Authorization leading to security feature bypass
PKSA-2yx1-9c32-fgbb CVE-2025-43585 GHSA-r487-9vv5-75gg
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to security feature bypass
PKSA-frp2-4m6z-72bk CVE-2025-27206 GHSA-g2pj-xmxq-3r9q
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to Security feature bypass
PKSA-dgwq-v9zk-5py2 CVE-2025-27190 GHSA-6wq7-cg9h-mj6q
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control leads to Security feature bypass
PKSA-j33z-72k7-nwyn CVE-2025-27191 GHSA-vhcq-4xrm-2cr2
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento does not properly protect credentials
PKSA-gkkr-yrmf-9dcm CVE-2025-27192 GHSA-2r94-wm5v-4prx
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce
PKSA-yyc4-y66r-jjjj CVE-2025-24434 GHSA-fppq-f2m6-xv5c
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Business Logic Error vulnerability
PKSA-tvs5-ndw3-3gtb CVE-2025-24425 GHSA-6ff8-jrfg-43hh
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-9ydt-2mcr-32qb CVE-2025-24427 GHSA-v3hq-g424-5mgg
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-tpt2-8yg8-qn5g CVE-2025-24428 GHSA-mm87-rrqx-94cr
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Improper Access Control vulnerability
PKSA-ypn7-w7vg-dsq3 CVE-2025-24429 GHSA-656q-fx2w-8ccv
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-8p2p-vnj4-yrk7 CVE-2025-24430 GHSA-6w27-c66f-gvhq
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-1bhd-hgqf-cyxr CVE-2025-24432 GHSA-7jmr-43qj-pw47
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-y1b3-85dn-dn7m CVE-2025-24435 GHSA-82p4-55gj-956p
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-y865-mwrz-phms CVE-2025-24436 GHSA-ghpr-6qhr-rpp8
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-c2zm-21rv-25c6 CVE-2025-24437 GHSA-469f-wf4f-3jjv
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-z2xt-wddc-4p24 CVE-2025-24438 GHSA-8884-7rm9-mrx4
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Adobe Commerce Path Traversal
PKSA-dh2d-5mwk-96tg CVE-2025-24406 GHSA-954p-ff72-327w
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Information Exposure vulnerability
PKSA-xr11-y3bp-dn74 CVE-2025-24408 GHSA-3cfg-w257-cgf8
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Adobe Commerce Improper Authorization vulnerability
PKSA-dc79-d7y1-hqyg CVE-2025-24409 GHSA-vw47-79jv-3598
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-45vf-bpkb-pjdf CVE-2025-24410 GHSA-gjxp-46rq-wg4q
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Improper Access Control vulnerability
PKSA-yzxf-m1fz-3vtv CVE-2025-24411 GHSA-36hw-x3cc-m258
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-gf1j-gp76-gfxd CVE-2025-24412 GHSA-m4rg-mpp2-97px
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-7y5d-fvj3-6td4 CVE-2025-24413 GHSA-xwgx-8v72-4j5j
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-9j9m-fy1m-zf94 CVE-2025-24414 GHSA-fhw6-3mj5-w9gv
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-5pvr-47mr-pm8m CVE-2025-24415 GHSA-gc27-rvvm-q77r
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-hvsj-kptj-27zf CVE-2025-24416 GHSA-rjjw-g6hw-7pc9
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-mp6w-9p7n-6ssm CVE-2025-24417 GHSA-g3j6-9753-8mp2
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Incorrect Authorization vulnerability
PKSA-s18y-x3y8-m1x1 CVE-2025-24421 GHSA-v6r2-425c-hfrr
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control vulnerability
PKSA-951b-x3mq-6x75 CVE-2025-24424 GHSA-539v-w87w-w62c
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability
PKSA-ksk8-hxyg-xvfg CVE-2024-39407 GHSA-cjm6-8mw8-2f8c
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to security feature bypass
PKSA-9h42-hjp4-8jwg CVE-2024-39411 GHSA-qm77-mqf3-fmhq
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability
PKSA-bwdz-tnp6-hk5k CVE-2024-39413 GHSA-8w5f-8992-g86j
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control Leads to Privilege escalation
PKSA-5h2h-vm5k-6mnx CVE-2024-39414 GHSA-x6f9-hv9r-fgq4
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization Leading to Security feature bypass
PKSA-xrrt-bvvw-hr76 CVE-2024-39415 GHSA-gj93-84g5-mcjq
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to Security feature bypass
PKSA-x9mx-cg6q-dbr6 CVE-2024-39416 GHSA-4xgg-rw35-7mv5
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization leads to Security feature bypass
PKSA-6bv3-f1pv-tkg6 CVE-2024-39417 GHSA-4xmj-f664-hv98
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability
PKSA-7d9n-ggqz-zmxp CVE-2024-39418 GHSA-gvgf-pvh5-vjh4
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control Leads to Privilege escalation
PKSA-bfjj-vfzz-pgc4 CVE-2024-39419 GHSA-74w7-cr4v-wf2v
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento does not properly restrict excessive authentication attempts
PKSA-q7s3-frdr-1dn6 CVE-2024-39398 GHSA-q628-54wg-4r5q
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Path Traversal vulnerability
PKSA-3w2j-148y-fbkd CVE-2024-39399 GHSA-7r99-8wqp-h7pc
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento DOM-based Cross-Site Scripting (XSS) vulnerability
PKSA-sxwm-bffz-sx8t CVE-2024-39400 GHSA-52fg-wjxm-pp44
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento OS Command ('OS Command Injection') vulnerability
PKSA-88dh-sqwk-yrn8 CVE-2024-39401 GHSA-8frp-pxq2-3gpq
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento OS Command ('OS Command Injection') vulnerability
PKSA-gtqw-8tn8-f1mj CVE-2024-39402 GHSA-2ff6-837j-hg5x
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Stored Cross-Site Scripting (XSS) vulnerability
PKSA-vk95-4ddg-k6zr CVE-2024-39403 GHSA-mmp7-8cg4-9wrg
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability
PKSA-j2rz-rvx4-k296 CVE-2024-39404 GHSA-qrh3-vxjg-h9h6
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability
PKSA-634t-hn1n-jy9s CVE-2024-39405 GHSA-5g9f-7gqc-8hj4
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Open Source allows Improper Input Validation
PKSA-wvp2-5kwd-g52c CVE-2024-20758 GHSA-wh4m-6rh3-p4rq
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Cross-Site Scripting (XSS)
PKSA-31mc-ry3y-ky5k CVE-2024-20759 GHSA-59vf-hjxc-f9c5
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Uncontrolled Resource Consumption
PKSA-dqz5-4xcm-g2zn CVE-2024-20716 GHSA-c9h9-h5gf-885r
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Cross-Site Request Forgery (CSRF)
PKSA-8z11-z9kc-6gmc CVE-2024-20718 GHSA-hqgj-4396-hmxv
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Open Source allows Cross-Site Scripting (XSS)
PKSA-13kv-2zmp-2qfd CVE-2024-20719 GHSA-264g-f7v8-q5qq
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Open Source allows OS Command Injection
PKSA-pn4n-ncsn-pdpm CVE-2024-20720 GHSA-525f-pvj5-vqmq
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows SQL Injection
PKSA-qg8c-sscf-zdxj CVE-2023-38249 GHSA-rq36-9f5f-2gw7
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows SQL Injection
PKSA-vjc5-g3tb-vz4s CVE-2023-38250 GHSA-h3g9-cwr6-hphx
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Uncontrolled Resource Consumption
PKSA-rq6g-gs41-zrhx CVE-2023-38251 GHSA-7pfc-834q-h497
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Server-Side Request Forgery (SSRF)
PKSA-f98b-p1g7-d3k1 CVE-2023-26366 GHSA-8jxc-5f94-22vh
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source has Improper Input Validation Vulnerability
PKSA-bxnr-t1zg-rw75 CVE-2023-26367 GHSA-9mx6-4gg4-85xj
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-t7gh-79wr-5532 CVE-2023-38218 GHSA-rpc7-gf58-v3x2
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Open Source allows Cross-Site Scripting (XSS)
PKSA-wf47-mk9w-64bn CVE-2023-38219 GHSA-3j7w-jp46-9752
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Improper Authorization
PKSA-bjs7-4spx-mkj7 CVE-2023-38220 GHSA-grc6-r6f8-xj7c
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows SQL Injection
PKSA-397d-r1wd-gxct CVE-2023-38221 GHSA-ggr8-3hwx-4f2m
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source affected by Improper Input Validation
PKSA-7dkv-7f5x-vd4n CVE-2022-24093 GHSA-5xmp-7wg5-x68q
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento affected by remote code execution vulnerability in the CMS page scheduled update feature
PKSA-2rtt-dsym-g9ss CVE-2021-36021 GHSA-4g27-q2w9-m8m8
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento XML Injection vulnerability in the Widgets Update Layout
PKSA-hpxx-kn39-41wv CVE-2021-36023 GHSA-8cjg-f53m-8m9q
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento improper access control vulnerability within Magento's Media Gallery Upload workflow
PKSA-ct3s-553f-dgt1 CVE-2021-36036 GHSA-wqr6-wv6c-p8fx
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Open Source allows XML Injection
PKSA-w77r-d31j-s553 CVE-2023-38207 GHSA-rpv2-g4pc-wp72
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Open Source allows Improper Neutralization of Special Elements Used
PKSA-2h91-x29g-knck CVE-2023-38208 GHSA-mxc9-g6m4-2v35
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-hf5g-nxyv-9rq1 CVE-2023-38209 GHSA-3vg2-v639-6ch9
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source affected by Improper Input Validation
PKSA-whgb-ymvs-9ndx CVE-2023-22248 GHSA-5jfg-phx7-7fxg
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Information Exposure
PKSA-szdb-9t2m-hxqf CVE-2023-29287 GHSA-85m4-g9vq-xpxj
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-fhd6-13sx-5c9s CVE-2023-29288 GHSA-f989-3fp9-q3r2
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows XML Injection
PKSA-3ctk-j6rb-p8sd CVE-2023-29289 GHSA-wh42-8r2w-873x
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-4sd4-zdhg-q6p3 CVE-2023-29290 GHSA-qw5m-vmp3-f553
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Server-Side Request Forgery (SSRF)
PKSA-nypk-79pn-d4d9 CVE-2023-29291 GHSA-5f79-vhr4-vw2r
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Server-Side Request Forgery (SSRF)
PKSA-q7vj-nkkk-2f4n CVE-2023-29292 GHSA-4588-7x48-jrgj
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Open Source affected by Improper Input Validation
PKSA-7g4s-7b1v-ncqf CVE-2023-29293 GHSA-66c9-xrwj-9xv6
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Open Source has Business Logic Errors Vulnerability
PKSA-88j6-sqdg-73f7 CVE-2023-29294 GHSA-28vp-39rf-3q2j
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Open Source allows Incorrect Authorization
PKSA-y2vf-pgxy-f96y CVE-2023-29295 GHSA-354h-fpmq-68v7
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento Open Source allows Incorrect Authorization
PKSA-t1pm-nxqg-x3sk CVE-2023-29296 GHSA-3qr4-w96f-672v
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Open Source allows Improper Neutralization of Special Elements Used
PKSA-pry8-1m8v-12x9 CVE-2023-29297 GHSA-gfmm-ww6f-5mm5
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Open Source allows XML Injection
PKSA-p9r2-cr37-khfw CVE-2023-22247 GHSA-2444-8gj8-6fmx
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Improper Access Control
PKSA-7dmw-wjmr-z2g6 CVE-2023-22250 GHSA-4h7p-4vq8-g2gh
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Incorrect Authorization
PKSA-jd5x-4m6x-4vs6 CVE-2023-22251 GHSA-2wm7-mmgc-qxr3
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Improper Access Control
PKSA-f4cm-wnhb-z3r9 CVE-2022-35689 GHSA-5fxx-jwjm-x9hj
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
PKSA-43r1-4qf6-jnjt CVE-2022-35698 GHSA-4vj2-426r-jm3g
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source has Improper Access Control vulnerability
PKSA-qzv8-1n8s-nwtw CVE-2022-35692 GHSA-gm4m-9rm8-7rxj
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-24m8-9psy-djq7 CVE-2021-36027 GHSA-x2v2-2jhp-c5hv
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability in the customer address upload feature
PKSA-k1yz-gr5t-hhxm CVE-2021-36026 GHSA-8gfq-m4cf-w975
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Open Source allows Cross-Site Request Forgery (CSRF)
PKSA-f81b-kr8n-1cqx CVE-2021-39864 GHSA-94wq-87g6-8h77
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Authorization vulnerability in the customers module
PKSA-6s73-s4rz-4fyb CVE-2021-28567 GHSA-cc3w-r3w8-hfh7
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento affected by a business logic error in the placeOrder graphql mutation
PKSA-t2xp-vd66-ybyt CVE-2021-36012 GHSA-3f97-7pgv-gmgr
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento XML Injection vulnerability in the 'City' field
PKSA-gz8m-d97x-xcsb CVE-2021-36020 GHSA-xvpx-6hh8-7h72
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento XML Injection vulnerability in the Widgets Update Layout
PKSA-rcpd-m1gd-98mf CVE-2021-36022 GHSA-3x9x-vhqj-cv27
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento is affected by an os command injection via the Data collection endpoint
PKSA-8dfr-9b5m-7xr8 CVE-2021-36024 GHSA-qmq6-jpvg-j547
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento is affected by an improper input validation vulnerability while saving a customer's details
PKSA-17rr-8v96-bv63 CVE-2021-36025 GHSA-gvfx-9m9v-h839
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento has an XML Injection vulnerability
PKSA-py55-xtc9-n1vr CVE-2021-36028 GHSA-5pjj-7fq8-9gpf
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento improper authorization vulnerability
PKSA-85p5-zgy5-5xnz CVE-2021-36029 GHSA-m8wx-whpp-q283
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento allows attackers to alter the price of items
PKSA-8rbp-3yr4-kzsk CVE-2021-36030 GHSA-rhff-65hp-55rw
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Path Traversal vulnerability via the `theme[preview_image]` parameter
PKSA-7dd8-p7yr-6sty CVE-2021-36031 GHSA-7w95-qwhh-q9p3
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento is affected by an improper input validation vulnerability
PKSA-b5t8-3cfw-p3zr CVE-2021-36032 GHSA-5vw8-r55w-f4q4
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento XML Injection vulnerability in the Widgets Module
PKSA-21fx-wcrz-h4sg CVE-2021-36033 GHSA-p746-qw73-qmmx
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento affected by remote code execution via a file upload
PKSA-6wq2-rzmf-jydh CVE-2021-36034 GHSA-j46h-qjjv-cxfj
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento is affected by an improper authorization vulnerability
PKSA-zngg-vgy9-4g5p CVE-2021-36037 GHSA-vrq2-w7r7-3fp2
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento discloses sensitive information via the Multishipping Module
PKSA-yjhy-wps1-gwny CVE-2021-36038 GHSA-wgpr-9675-8r67
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento discloses sensitive information
PKSA-bk68-b64r-znp8 CVE-2021-36039 GHSA-3g7m-g8qm-x6j5
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento has a file extension restrictions bypass
PKSA-ztts-2y99-bcdy CVE-2021-36040 GHSA-2pq5-gpqf-g4r3
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento vulnerable to file upload attack
PKSA-v7n8-rj87-rp8f CVE-2021-36041 GHSA-mx5m-j5xr-jg8c
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento executes code via the API File Option Upload Extension
PKSA-2kzy-spch-8dtk CVE-2021-36042 GHSA-6cwv-wj7v-73xp
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension
PKSA-xgws-skjf-gckt CVE-2021-36043 GHSA-36xq-7w8w-xp68
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento affected by a server-side denial-of-service using a GraphQL field
PKSA-4s2g-m2hm-n8kp CVE-2021-36044 GHSA-wr57-3h2f-3q95
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies
PKSA-jcpc-gqzs-vckj CVE-2021-28556 GHSA-39ch-rg26-gmq5
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
PKSA-1s1d-4jtm-mgtx CVE-2021-28583 GHSA-7gh6-f4jh-3crq
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Path Traversal vulnerability
PKSA-wsvj-3mm9-cfsj CVE-2021-28584 GHSA-7gpv-xrjr-f5h4
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper input validation vulnerability
PKSA-kf59-4nmv-jgxn CVE-2021-28585 GHSA-c38m-9668-6j2w
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Insufficient Session Expiration
PKSA-zczy-vth9-dsr8 CVE-2021-21031 GHSA-4h3p-63x6-vwg2
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Insecure Direct Object Reference (IDOR) in the product module
PKSA-m69c-bhkr-wybc CVE-2021-21022 GHSA-8pfq-g48p-x7w8
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability in the admin console
PKSA-2j3k-3g44-cnjj CVE-2021-21023 GHSA-h5rm-m772-6qcx
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento improper authorization vulnerability in the integrations module
PKSA-4v3y-vz4c-v2jc CVE-2021-21026 GHSA-crjc-2v9m-8w7r
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
PKSA-nr3b-gd6w-ssxv CVE-2021-21027 GHSA-h4xc-577p-hgj9
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento stored cross-site scripting (XSS) in the customer address upload feature
PKSA-sv5d-15yf-jkvt CVE-2021-21030 GHSA-6988-g89m-27vf
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Insufficient Session Expiration
PKSA-srzx-p6c6-js6b CVE-2021-21032 GHSA-4jfq-f8hc-775q
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento vulnerable to a file upload restriction bypass
PKSA-9362-vs4v-j6vt CVE-2021-21014 GHSA-269w-pqc7-68q9
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Improper Access Control
PKSA-g3cj-592k-1jnk CVE-2021-21020 GHSA-2j6v-829g-885q
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento XPath Injection
PKSA-vf7x-93bd-9dxz CVE-2021-21025 GHSA-h437-qjj9-vmq4
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento OS command injection via the WebAPI
PKSA-3x4h-dj99-1bb6 CVE-2021-21016 GHSA-792f-c8mp-2cr5
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento 2 Community Edition RCE via Unsafe File Upload
PKSA-5gcm-4f3h-ccq3 CVE-2020-24407 GHSA-7pxg-6p87-8c9v
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento 2 Community Edition Incorrect Authorization
PKSA-897p-xmvy-tt74 CVE-2020-24401 GHSA-f2g3-3c6q-4478
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento incorrect permissions vulnerability in the Integrations component
PKSA-k3wv-nm33-qyds CVE-2020-24402 GHSA-hvf5-4jr9-fghh
Affected version: <=2.0.2
Reported by:
GitHub -
[LOW] Magento incorrect user permissions vulnerability within the Inventory component
PKSA-z7pr-jrtx-p1ns CVE-2020-24403 GHSA-39rw-4m66-82gf
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento DOM-based Cross-site scripting vulnerability
PKSA-hwcd-t2bm-dpxv CVE-2020-9691 GHSA-g7pc-799q-743f
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento path traversal vulnerability
PKSA-vn8z-wfpr-9z9r CVE-2020-9689 GHSA-fr6f-xmfx-rrpq
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento business logic error vulnerability
PKSA-mxvf-4dqk-jkm7 CVE-2020-9630 GHSA-5j4w-v87m-8r65
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento security mitigation bypass vulnerability
PKSA-rwgp-ksc5-wcwr CVE-2020-9632 GHSA-6w29-x5j4-qhrw
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento security mitigation bypass vulnerability
PKSA-kxq8-h6yb-km6x CVE-2020-9631 GHSA-gffx-9f36-r8wp
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-d3r6-279w-y1d1 CVE-2020-9582 GHSA-c3m4-hxv9-4mxj
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-z6wq-jnnt-bc5n CVE-2020-9583 GHSA-c55h-7q4j-g6rq
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento Stored cross-site scripting
PKSA-pn9b-bn7v-6qgq CVE-2020-9584 GHSA-45h4-6gcj-6hwv
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento Defense-in-depth security mitigation vulnerability
PKSA-7h8p-1s1w-tr6y CVE-2020-9585 GHSA-55gv-hfg3-hwjq
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento authorization bypass vulnerability
PKSA-xt9x-ch8p-mqqg CVE-2020-9587 GHSA-8wm7-h2qh-ff4c
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento Signature verification bypass
PKSA-b4sj-b4fw-vq95 CVE-2020-9588 GHSA-j2r4-2cr6-h3r3
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-n1g6-9qfx-sxg9 CVE-2020-9576 GHSA-4f7x-gjqc-qqpg
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-bk74-986b-ccds CVE-2020-9577 GHSA-689w-2f93-2x67
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento command injection vulnerability
PKSA-7t4x-z168-kw9z CVE-2020-9578 GHSA-724x-gqhv-9c5x
Affected version: <=2.0.2
Reported by:
GitHub -
[CRITICAL] Magento Security mitigation bypass vulnerability
PKSA-fbhc-z78m-yk4d CVE-2020-9580 GHSA-j2jp-58gv-g2pg
Affected version: <=2.0.2
Reported by:
GitHub -
[MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-85pv-nkv7-zjm3 CVE-2020-9581 GHSA-2w2x-7qgj-4x78
Affected version: <=2.0.2
Reported by:
GitHub -
[HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-dj7f-ngy7-v828 CVE-2019-8114 GHSA-crv7-r357-gw3w
Affected version: <1.9.4.3
Reported by:
GitHub -
[HIGH] Unauthenticated crypto and weak IV in Magento\Framework\Encryption
PKSA-whwg-zcv6-qs4x CVE-2016-6485 GHSA-h7qw-mxrm-c6h2
Affected version: >=2.0,<=2.0.2
Reported by:
GitHub