Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@vendure/core

npm

A modern, headless ecommerce framework

View on github.com · View on npmjs.org

Security Advisories for @vendure/core in npm

Low
about 1 month ago

Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy GSA_kwCzR0hTQS02ZjY1LTRmdjItd3djaM4ABRvk

npm @vendure/core
Moderate
over 2 years ago

@vendure/core's insecure currencyCode handling allows wrong payment amounts GSA_kwCzR0hTQS13bTYzLTc2MjctY2gzM84AA3P1

npm @vendure/core
Low
over 2 years ago

Vendure Cross Site Request Forgery vulnerability impacting all API requests GSA_kwCzR0hTQS1oOXdxLXhjcXgtbXF4bc4AA0m0

npm @vendure/core

Filter by Severity

Low 2 Moderate 1