Package impact
Packagist / magento/community-edition
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-54236 | critical | 9.1 | 10.0 | 9mo ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | |
| CVE-2016-6485 | high | 7.5 | 7.5 | 9y ago | Unauthenticated crypto and weak IV in Magento\Framework\Encryption |