Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist shopware/platform Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS01Mjk3LXdycnAtcmNqN84AA6ui
Shopware Improper Session Handling in store-api account logout
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jMmY5LTRqbW0tdjQ1bc4AA5zD
Shopware's session is persistent in Cache for 404 pages
Ecosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zODY3LWpjNWMtNjZxZs4AA4if
Broken Access Control order API in Shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xbXA5LTJ4d2otbTZtOc4AA4ie
Blind SQL injection in shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 6 months ago
High
GSA_kwCzR0hTQS03djJ2LTlybTQtN204Zs4AAy1O
Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00Nmg3LXZqN3gtZnhnMs4AAxG8
Shopware has Improper Input Validation issue in newsletter subscription
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05M2N3LWY1amoteDg1d84AAxBk
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cjZoLW03MnYtMzhmZ84AAxBj
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1meGYzLXd4M2MtNzZwZs4AAleW
Shopware vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS01dm1nLXg5OWctMzk2cc4AAld_
Shopware vulnerable to SSRF
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yNHBoLW14NjcteDU4cM4AAleY
Shopware database password is leaked to an unauthenticated users
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS05d3J2LWc3NWgtOGNjY80_qw
Improper Access Control in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03Z203LThxOHYtOWdmMs0_qg
Server-Side Request Forgery (SSRF) in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02d3JoLTI3OWotNmh2d80xMQ
HTTP caching is marking private HTTP headers as public in Shopware
Ecosystems: packagist
Packages: shopware/storefront, shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05NTJwLWZxY3AtZzhwY80xMA
HTML injection possibility in voucher code form in Shopware
Ecosystems: packagist
Packages: shopware/storefront, shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
Low
GSA_kwCzR0hTQS13MjY3LW05YzQtODU1Nc0xLw
Shopware user session is not logged out if the password is reset via password recovery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qcDZoLW14aHgtcGdxaM0xLg
Shopware guest session is shared between customers
Ecosystems: packagist
Packages: shopware/storefront, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNjRtLXFjaGotaHJqcM0YFg
Webcache Poisoning in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZncjgtYzNtNS1tdnJn
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4djktM2pqcS1ydnA0
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwODktNWYyMi04cXZm
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3dmctdzhxOC1jM3dm
Session Fixation
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0Z3AtcWZmOC05NDZj
Insecure direct object reference of log files of the Import/Export feature
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoNTUtMmZxcC1wNzc1
Command injection in mail agent settings
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmOGYtNTc0cS04am1m
Manipulation of product reviews via API
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjMzgtbXh3ci1wZmh4
Cross-Site Scripting via SVG media files
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjdnYtZ3E5Mi14OTRy
Authenticated server-side request forgery in file upload via URL.
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTYtZ2Y1OC05dzk3
Missing Authentication for Critical Function
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0M3EtZzlqMy1xZjZy
non-admin users can create integration role with administrator role
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwbWgtZzk0Zy1xcmhy
Internal hidden fields are visible on to many associations in admin api
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyZjIteGdoci1qNTJ2
Private files publicly accessible with Cloud Storage providers
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3dzgtcHA5dy03cDMy
Creation of order credits was not validated by acl in admin orders
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxM3ItandycS14ZzZ3
Canceling of orders not related to the logged-in user
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4cmMtM3A5OC1yZ3Z4
After order payment process manipulation in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnN2MtcTN2cS1yZ3hy
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqajQtampnYy1oM3I4
Authenticated remote code execution
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cTgtNWd2Mi12Nm1n
Potential Session Hijacking
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYydnYtaDV4NC01N2dy
Leak of information via Store-API
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2ZzQtOXJjMi13dmNy
Generation of fake documents via public GET-call
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwZmgtbW0yZy1obWMz
Authenticated Server Side Request Forgery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTgteDVoMi12NXJ4
Authenticated Privilege Escalation
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OHYtZnJneC00cmpw
Denial of Service via Cache Flooding
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq
Authenticated XML External Entity Processing
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2aHItNTVoZy0zcXd2
Non-persistent XSS in the Storefront in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2YzUtY2Zyci0zODR2
RCE in Third Party Library in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 3
Ecosystems: 12
Filter by Package
moodle/moodle 342 magento/community-edition 204 typo3/cms 174 pimcore/pimcore 117 dolibarr/dolibarr 111 typo3/cms-core 106 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 85 drupal/drupal 76 thorsten/phpmyfaq 70 symfony/symfony 64 librenms/librenms 54 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 craftcms/cms 41 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 37 nilsteampassnet/teampass 37 shopware/core 36 zendframework/zendframework1 34 snipe/snipe-it 33 shopware/shopware 30 mautic/core 30 getgrav/grav 29 centreon/centreon 27 prestashop/prestashop 26 mediawiki/core 24 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 getkirby/cms 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 cockpit-hq/cockpit 18 forkcms/forkcms 18 contao/contao 18 opencart/opencart 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 topthink/framework 17 francoisjacquet/rosariosis 17 genix/cms 17 symfony/security 17 yetiforce/yetiforce-crm 16 october/system 15 openmage/magento-lts 15 ec-cube/ec-cube 15 smarty/smarty 15 symfony/security-http 14 phpmailer/phpmailer 14 silverstripe/cms 14 typo3/cms-backend 14 lavalite/cms 13 elefant/cms 13 bolt/bolt 13 codeigniter4/framework 13 impresscms/impresscms 13 studio-42/elfinder 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 sylius/sylius 12 dompdf/dompdf 12 feehi/feehicms 11 tinymce/tinymce 11 TinyMCE 11 pimcore/admin-ui-classic-bundle 11 symfony/http-foundation 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 wwbn/avideo 11 tinymce 11 yiisoft/yii2 10 pagekit/pagekit 10 ezsystems/ezpublish-legacy 10 nukeviet/nukeviet 10 ssddanbrown/bookstack 10 wallabag/wallabag 10 admidio/admidio 10 funadmin/funadmin 9 alextselegidis/easyappointments 9 kevinpapst/kimai2 9 concrete5/core 9 contao/core 9 october/october 9 sulu/sulu 8 statamic/cms 8 composer/composer 8 codiad/codiad 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 october/cms 8 facturascripts/facturascripts 8 croogo/croogo 8 silverstripe/graphql 8 silverstripe/admin 8 ezsystems/ezplatform-admin-ui 7 flarum/core 7 mantisbt/mantisbt 7 wpglobus/wpglobus 7 symfony/http-kernel 7 october/backend 7 passbolt/passbolt_api 7 pterodactyl/panel 7 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 phpseclib/phpseclib 6 yiisoft/yii2-dev 6 bagisto/bagisto 6 automad/automad 6 dweeves/magmi 6 in2code/femanager 6 vrana/adminer 6 yourls/yourls 6 guzzlehttp/guzzle 6 nystudio107/craft-seomatic 6 backdrop/backdrop 6 oro/platform 6 gleez/cms 6 twig/twig 5 symfony/security-core 5 phpxmlrpc/phpxmlrpc 5 woocommerce/woocommerce 5 elgg/elgg 5 neos/flow 5 neos/neos 5 ibexa/core 5 billz/raspap-webgui 5 gugoan/economizzer 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 bottelet/flarepoint 5 simplesamlphp/saml2 5 phpservermon/phpservermon 5 typo3/cms-install 5 cachethq/cachet 5 pear/archive_tar 5 typo3/flow 5 codeigniter/framework 5 illuminate/database 5 anchorcms/anchor-cms 5 processwire/processwire 4 shopware/storefront 4 idno/known 4 evolutioncms/evolution 4 ezsystems/ezplatform 4 codeigniter4/shield 4 appwrite/server-ce 4 kimai/kimai 4 symfony/security-bundle 4 magento/product-community-edition 4 adodb/adodb-php 4 bytefury/crater 4 sylius/resource-bundle 4 pyrocms/pyrocms 4 modx/revolution 4 shopxo/shopxo 4 notrinos/notrinos-erp 4 zendframework/zendopenid 4 spatie/browsershot 4 oro/commerce 4 typo3/cms-frontend 4 wp-premium/gravityforms 4 bref/bref 4 friendsofsymfony/user-bundle 4 typo3/html-sanitizer 4 wintercms/winter 4 bbpress/bbpress 3 privatebin/privatebin 3 reportico-web/reportico 3 zendframework/zend-http 3 ckeditor4 3 enhavo/enhavo-app 3 joomla/framework 3 phpoffice/phpspreadsheet 3 buddypress/buddypress 3 symfony/form 3 qcubed/qcubed 3 zencart/zencart 3 typo3/cms-form 3 amphp/http-client 3 joomla/joomla-cms 3 verbb/comments 3 zendframework/zend-diactoros 3 icecoder/icecoder 3 apache-solr-for-typo3/solr 3 flarum/framework 3 doctrine/orm 3 rudloff/alltube 3 froala/wysiwyg-editor 3 pixelfed/pixelfed 3 limesurvey/limesurvey 3 yiisoft/yii 3