Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Loading...
Moderate
GSA_kwCzR0hTQS00Nmg3LXZqN3gtZnhnMs4AAxG8
Shopware has Improper Input Validation issue in newsletter subscription
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 8 days ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 8 days ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS05M2N3LWY1amoteDg1d84AAxBk
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04cjZoLW03MnYtMzhmZ84AAxBj
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS05d3J2LWc3NWgtOGNjY80_qw
Improper Access Control in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 9 months ago
High
GSA_kwCzR0hTQS03Z203LThxOHYtOWdmMs0_qg
Server-Side Request Forgery (SSRF) in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02d3JoLTI3OWotNmh2d80xMQ
HTTP caching is marking private HTTP headers as public in Shopware
Ecosystems: packagist
Packages: shopware/storefront, shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05NTJwLWZxY3AtZzhwY80xMA
HTML injection possibility in voucher code form in Shopware
Ecosystems: packagist
Packages: shopware/storefront, shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 11 months ago
Low
GSA_kwCzR0hTQS13MjY3LW05YzQtODU1Nc0xLw
Shopware user session is not logged out if the password is reset via password recovery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qcDZoLW14aHgtcGdxaM0xLg
Shopware guest session is shared between customers
Ecosystems: packagist
Packages: shopware/storefront, shopware/platform
Source: GitHub Advisory Database
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yNjRtLXFjaGotaHJqcM0YFg
Webcache Poisoning in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZncjgtYzNtNS1tdnJn
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4djktM2pqcS1ydnA0
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwODktNWYyMi04cXZm
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3dmctdzhxOC1jM3dm
Session Fixation
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0Z3AtcWZmOC05NDZj
Insecure direct object reference of log files of the Import/Export feature
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoNTUtMmZxcC1wNzc1
Command injection in mail agent settings
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmOGYtNTc0cS04am1m
Manipulation of product reviews via API
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjMzgtbXh3ci1wZmh4
Cross-Site Scripting via SVG media files
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjdnYtZ3E5Mi14OTRy
Authenticated server-side request forgery in file upload via URL.
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTYtZ2Y1OC05dzk3
Missing Authentication for Critical Function
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0M3EtZzlqMy1xZjZy
non-admin users can create integration role with administrator role
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwbWgtZzk0Zy1xcmhy
Internal hidden fields are visible on to many associations in admin api
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyZjIteGdoci1qNTJ2
Private files publicly accessible with Cloud Storage providers
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3dzgtcHA5dy03cDMy
Creation of order credits was not validated by acl in admin orders
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxM3ItandycS14ZzZ3
Canceling of orders not related to the logged-in user
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4cmMtM3A5OC1yZ3Z4
After order payment process manipulation in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnN2MtcTN2cS1yZ3hy
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqajQtampnYy1oM3I4
Authenticated remote code execution
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cTgtNWd2Mi12Nm1n
Potential Session Hijacking
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYydnYtaDV4NC01N2dy
Leak of information via Store-API
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2ZzQtOXJjMi13dmNy
Generation of fake documents via public GET-call
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwZmgtbW0yZy1obWMz
Authenticated Server Side Request Forgery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTgteDVoMi12NXJ4
Authenticated Privilege Escalation
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OHYtZnJneC00cmpw
Denial of Service via Cache Flooding
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq
Authenticated XML External Entity Processing
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2aHItNTVoZy0zcXd2
Non-persistent XSS in the Storefront in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2YzUtY2Zyci0zODR2
RCE in Third Party Library in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 2 years ago
Filter by Package
microweber/microweber 67 pimcore/pimcore 43 shopware/platform 40 typo3/cms-core 38 showdoc/showdoc 36 shopware/core 31 librenms/librenms 30 snipe/snipe-it 28 moodle/moodle 25 remdex/livehelperchat 22 dolibarr/dolibarr 21 typo3/cms 18 mautic/core 18 concrete5/concrete5 17 cakephp/cakephp 17 shopware/shopware 17 silverstripe/framework 16 thorsten/phpmyfaq 16 yetiforce/yetiforce-crm 16 pocketmine/pocketmine-mp 15 baserproject/basercms 15 craftcms/cms 14 tribalsystems/zenario 13 grumpydictator/firefly-iii 13 getkirby/cms 12 phpmailer/phpmailer 12 symfony/symfony 12 forkcms/forkcms 12 openmage/magento-lts 12 feehi/feehicms 11 intelliants/subrion 11 francoisjacquet/rosariosis 11 getgrav/grav 11 drupal/core 11 contao/core-bundle 10 october/system 10 centreon/centreon 9 froxlor/froxlor 9 concrete5/core 9 kevinpapst/kimai2 9 topthink/framework 8 elefant/cms 8 facturascripts/facturascripts 8 impresscms/impresscms 8 ssddanbrown/bookstack 8 sylius/sylius 8 ezsystems/ezpublish-kernel 7 feehi/cms 7 october/cms 7 magento/community-edition 7 codeigniter4/framework 7 october/backend 7 laravel/framework 7 simplesamlphp/simplesamlphp 6 guzzlehttp/guzzle 6 smarty/smarty 6 pterodactyl/panel 6 ezsystems/ezplatform-kernel 5 prestashop/prestashop 5 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 backdrop/backdrop 5 sulu/sulu 5 yourls/yourls 5 bottelet/flarepoint 5 symfony/security-http 5 pear/archive_tar 4 flarum/core 4 bolt/bolt 4 ezsystems/ezplatform-admin-ui 4 dompdf/dompdf 4 pagekit/pagekit 4 idno/known 4 nukeviet/nukeviet 4 phpmyadmin/phpmyadmin 4 cachethq/cachet 4 bytefury/crater 4 symfony/http-foundation 4 directmailteam/direct-mail 4 symfony/security 3 typo3/cms-form 3 rudloff/alltube 3 spatie/browsershot 3 silverstripe/assets 3 tinymce 3 symfony/http-kernel 3 TinyMCE 3 notrinos/notrinos-erp 3 sylius/resource-bundle 3 nystudio107/craft-seomatic 3 ibexa/core 3 nilsteampassnet/teampass 3 enshrined/svg-sanitize 3 composer/composer 3 tinymce/tinymce 3 icecoder/icecoder 3 oro/platform 3 phpoffice/phpspreadsheet 3 illuminate/database 3 prestashop/productcomments 3 elgg/elgg 3 facade/ignition 3 gilacms/gila 3 twig/twig 3 shopware/storefront 3 studio-42/elfinder 2 shopxo/shopxo 2 laravel/laravel 2 lavalite/cms 2 verot/class.upload.php 2 com.google.protobuf:protobuf-parent 2 exceedone/exment 2 ptrofimov/beanstalk_console 2 wintercms/winter 2 symfony/framework-bundle 2 ether/logs 2 latte/latte 2 october/october 2 october/rain 2 exceedone/laravel-admin 2 ezsystems/ezplatform-rest 2 silverstripe/graphql 2 buddypress/buddypress 2 yiisoft/yii2-dev 2 billz/raspap-webgui 2 yoast-seo-for-typo3/yoast_seo 2 miniorange/miniorange-saml 2 phpfastcache/phpfastcache 2 protobuf 2 typo3/cms-backend 2 drupal/drupal 2 typo3/html-sanitizer 2 badaso/core 2 github.com/protocolbuffers/protobuf 2 google/protobuf 2 silverstripe/cms 2 silverstripe/admin 2 alextselegidis/easyappointments 2 ibexa/admin-ui 2 opencart/opencart 2 typo3fluid/fluid 2 processwire/processwire 2 in2code/femanager 2 oro/commerce 2 noumo/easyii 2 symfony/cache 2 unisharp/laravel-filemanager 2 librenms 2 league/commonmark 2 aheinze/cockpit 2 cuyz/valinor 2 packbackbooks/lti-1-3-php-library 2 Google.Protobuf 2 admidio/admidio 2 getkirby/panel 2 dweeves/magmi 2 helloxz/imgurl 2 privatebin/privatebin 2 filegator/filegator 2 neos/neos 2 s-cart/s-cart 2 bolt/core 2 erusev/parsedown 2 anchorcms/anchor-cms 2 croogo/croogo 2 squizlabs/php_codesniffer 2 modx/revolution 2 limesurvey/limesurvey 1 catfan/medoo 1 phpmyfaq/phpmyfaq 1 neoan3-apps/template 1 ttskch/pagination-service-provider 1 globalpayments/php-sdk 1 doctrine/dbal 1 hov/jobfair 1 oro/crm 1 silverstripe/versioned-admin 1 symfony/serializer 1 phpservermon/phpservermon 1 area17/twill 1 yiisoft/yii2 1 fluidtypo3/vhs 1 harvesthq/chosen 1 snipe-it 1 gaoming13/wechat-php-sdk 1 joomla/archive 1 hillelcoren/invoice-ninja 1 cardgate/magento2 1 netgen/tagsbundle 1 arc/web 1 adminer 1 silverstripe/hybridsessions 1 spipu/html2pdf 1 socialiteproviders/steam 1 adodb/adodb-php 1 livehelperchat/livehelperchat 1 flarum/sticky 1 barryvdh/laravel-translation-manager 1 xataface/xataface 1 simplesamlphp/simplesamlphp-module-openid 1 vova07/yii2-fileapi-widget 1 appwrite/server-ce 1 litespeed.js 1 laravel/fortify 1 pear/crypt_gpg 1 flarum/tags 1 nette/application 1 hjue/justwriting 1 prestashop/ps_linklist 1 neorazorx/facturascripts 1 genix/cms 1 barrelstrength/sprout-forms 1 wwbn/avideo 1 Sylius/Sylius 1 marcwillmann/turn 1 sylius/grid-bundle 1 php-mod/curl 1 fof/upload 1 prestashop/ps_facetedsearch 1 topthink/thinkphp 1 matyhtf/framework 1 melisplatform/melis-front 1 melisplatform/melis-cms 1 czproject/git-php 1 bmarshall511/wordpress_zero_spam 1 statamic/cms 1 yeswiki/yeswiki 1 tastyigniter/tastyigniter 1 symfony/security-core 1 fenom/fenom 1 open-web-analytics/open-web-analytics 1 pimcore/data-hub 1 wanglelecc/laracms 1 librenms/librenms/ 1 pocketmine/bedrock-protocol 1 silverstripe/subsites 1 api-platform/core 1 wpanel/wpanel4-cms 1 luyadev/yii-helpers 1 innologi/typo3-appointments 1 web-auth/webauthn-framework 1 sumocoders/framework-user-bundle 1 barzahlen/barzahlen-php 1 symfony/security-guard 1 sylius/paypal-plugin 1 zendframework/zend-diactoros 1 wp-graphql/wp-graphql 1 s-cart/core 1 ibexa/post-install 1 friendsoftypo3/mediace 1 symfony/mime 1 mojo42/jirafeau 1 ectouch/ectouch 1 robrichards/xmlseclibs 1 zendframework/zend-http 1 phpunit/phpunit 1 brotkrueml/typo3-matomo-integration 1 brotkrueml/schema 1 bagisto/bagisto 1 phpseclib/phpseclib 1 krayin/laravel-crm 1 symbiote/silverstripe-versionedfiles 1 gos/web-socket-bundle 1 fof/byobu 1 yiisoft/yii2-gii 1 guzzlehttp/psr7 1 thinkcmf/thinkcmf 1 symfont/process 1 prestashop/blockwishlist 1 cakephp/database 1 wp-cli/wp-cli 1 simplesamlphp/simplesamlphp-module-openidprovider 1 liftkit/database 1 shopware/production 1 contao/managed-edition 1 codiad/codiad 1 ezsystems/ezpublish-legacy 1 kitodo/presentation 1 zendesk/zendesk_api_client_php 1 mittwald/typo3_forum 1 symfony/proxy-manager-bridge 1 apereo/phpcas 1 yii2mod/yii2-cms 1 in2code/lux 1 himiklab/yii2-jqgrid-widget 1 symfony/phpunit-bridge 1 woocommerce/woocommerce 1 islandora/islandora 1 laminas/laminas-diactoros 1 mezzio/mezzio-swoole 1 webcoast/deferred-image-processing 1 ecodev/newsletter 1 sukohi/surpass 1 hyn/multi-tenant 1 laminas/laminas-form 1 symbiote/silverstripe-seed 1 flarum/mentions 1 django-tinymce 1 getkirby/starterkit 1 rankmath/seo-by-rank-math 1