Package impact

Packagist / magento/project-community-edition

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2025-54236	critical	9.1	10.0	9mo ago	Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
CVE-2016-6485	high	7.5	7.5	9y ago	Unauthenticated crypto and weak IV in Magento\Framework\Encryption
CVE-2025-54265	medium	5.9	5.9	8mo ago	Magento allows incorrect authorization
CVE-2025-54263	unknown	—	—	8mo ago	Magento provides incorrect authorization through a security feature bypass
CVE-2025-54266	unknown	—	—	8mo ago	Magento vulnerable to stored Cross-Site Scripting (XSS)
CVE-2025-54267	unknown	—	—	8mo ago	Magento vulnerable to privilege escalation due to incorrect authorization
CVE-2025-54264	unknown	—	—	8mo ago	Magento vulnerable to stored Cross-Site Scripting (XSS)
CVE-2025-49559	unknown	—	—	10mo ago	Magento vulnerable to path traversal
CVE-2025-49558	unknown	—	—	10mo ago	Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2025-49557	unknown	—	—	10mo ago	Magento Cross-site Scripting vulnerability
CVE-2025-49556	unknown	—	—	10mo ago	Magento has incorrect authorization issue that leads to arbitrary file system read
CVE-2025-49555	unknown	—	—	10mo ago	Magento Cross-Site Request Forgery (CSRF) vulnerability
CVE-2025-49554	unknown	—	—	10mo ago	Magento vulnerable to denial of service
CVE-2025-49550	unknown	—	—	11mo ago	Magento Security feature bypass
CVE-2025-49549	unknown	—	—	11mo ago	Magento Authenticated Security feature bypass
CVE-2025-43585	unknown	—	—	1y ago	Magento Improper Authorization leading to security feature bypass
CVE-2025-27206	unknown	—	—	1y ago	Magento Improper Access Control leads to security feature bypass
CVE-2025-27190	unknown	—	—	1y ago	Magento Improper Access Control leads to Security feature bypass
CVE-2025-27192	unknown	—	—	1y ago	Magento does not properly protect credentials
CVE-2025-27191	unknown	—	—	1y ago	Magento Improper Access Control leads to Security feature bypass
CVE-2025-24434	unknown	—	—	1y ago	Improper Authorization vulnerability in Magento and Adobe Commerce
CVE-2025-24432	unknown	—	—	1y ago	Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2025-24430	unknown	—	—	1y ago	Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2025-24429	unknown	—	—	1y ago	Magento Improper Access Control vulnerability
CVE-2025-24428	unknown	—	—	1y ago	Magento stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-24427	unknown	—	—	1y ago	Magento Improper Access Control vulnerability
CVE-2025-24425	unknown	—	—	1y ago	Magento Business Logic Error vulnerability
CVE-2025-24438	unknown	—	—	1y ago	Magento stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-24437	unknown	—	—	1y ago	Magento Improper Access Control vulnerability
CVE-2025-24436	unknown	—	—	1y ago	Magento Improper Access Control vulnerability
CVE-2025-24435	unknown	—	—	1y ago	Magento Improper Access Control vulnerability
CVE-2025-24412	unknown	—	—	1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24424	unknown	—	—	1y ago	Magento Improper Access Control vulnerability
CVE-2025-24421	unknown	—	—	1y ago	Magento Incorrect Authorization vulnerability
CVE-2025-24417	unknown	—	—	1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24416	unknown	—	—	1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24415	unknown	—	—	1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24414	unknown	—	—	1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24413	unknown	—	—	1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24411	unknown	—	—	1y ago	Magento Improper Access Control vulnerability
CVE-2025-24410	unknown	—	—	1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24409	unknown	—	—	1y ago	Adobe Commerce Improper Authorization vulnerability
CVE-2025-24408	unknown	—	—	1y ago	Magento Information Exposure vulnerability
CVE-2025-24406	unknown	—	—	1y ago	Adobe Commerce Path Traversal
CVE-2024-39411	unknown	—	—	2y ago	Magento Improper Authorization leads to security feature bypass
CVE-2024-39419	unknown	—	—	2y ago	Magento Improper Access Control Leads to Privilege escalation
CVE-2024-39407	unknown	—	—	2y ago	Magento Improper Authorization vulnerability
CVE-2024-39418	unknown	—	—	2y ago	Magento Improper Authorization vulnerability
CVE-2024-39417	unknown	—	—	2y ago	Magento Improper Authorization leads to Security feature bypass
CVE-2024-39416	unknown	—	—	2y ago	Magento Improper Authorization leads to Security feature bypass
CVE-2024-39415	unknown	—	—	2y ago	Magento Improper Authorization Leading to Security feature bypass
CVE-2024-39414	unknown	—	—	2y ago	Magento Improper Access Control Leads to Privilege escalation
CVE-2024-39413	unknown	—	—	2y ago	Magento Improper Authorization vulnerability
CVE-2024-39401	unknown	—	—	2y ago	Magento OS Command ('OS Command Injection') vulnerability
CVE-2024-39398	unknown	—	—	2y ago	Magento does not properly restrict excessive authentication attempts
CVE-2024-39399	unknown	—	—	2y ago	Magento Path Traversal vulnerability
CVE-2024-39405	unknown	—	—	2y ago	Magento Improper Authorization vulnerability
CVE-2024-39404	unknown	—	—	2y ago	Magento Improper Authorization vulnerability
CVE-2024-39403	unknown	—	—	2y ago	Magento Stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-39402	unknown	—	—	2y ago	Magento OS Command ('OS Command Injection') vulnerability
CVE-2024-39400	unknown	—	—	2y ago	Magento DOM-based Cross-Site Scripting (XSS) vulnerability
CVE-2024-20758	unknown	—	—	2y ago	Magento Open Source allows Improper Input Validation
CVE-2024-20759	unknown	—	—	2y ago	Magento Open Source allows Cross-Site Scripting (XSS)
CVE-2024-20716	unknown	—	—	2y ago	Magento Open Source allows Uncontrolled Resource Consumption
CVE-2024-20719	unknown	—	—	2y ago	Magento Open Source allows Cross-Site Scripting (XSS)
CVE-2024-20720	unknown	—	—	2y ago	Magento Open Source allows OS Command Injection
CVE-2024-20718	unknown	—	—	2y ago	Magento Open Source allows Cross-Site Request Forgery (CSRF)
CVE-2023-38250	unknown	—	—	3y ago	Magento Open Source allows SQL Injection
CVE-2023-38251	unknown	—	—	3y ago	Magento Open Source allows Uncontrolled Resource Consumption
CVE-2023-38249	unknown	—	—	3y ago	Magento Open Source allows SQL Injection
CVE-2023-38220	unknown	—	—	3y ago	Magento Open Source allows Improper Authorization
CVE-2023-38218	unknown	—	—	3y ago	Magento Open Source allows Incorrect Authorization
CVE-2023-26366	unknown	—	—	3y ago	Magento Open Source allows Server-Side Request Forgery (SSRF)
CVE-2023-38221	unknown	—	—	3y ago	Magento Open Source allows SQL Injection
CVE-2023-26367	unknown	—	—	3y ago	Magento Open Source has Improper Input Validation Vulnerability
CVE-2023-38219	unknown	—	—	3y ago	Magento Open Source allows Cross-Site Scripting (XSS)
CVE-2022-24093	unknown	—	—	3y ago	Magento Open Source affected by Improper Input Validation
CVE-2021-36021	unknown	—	—	3y ago	Magento affected by remote code execution vulnerability in the CMS page scheduled update feature
CVE-2021-36023	unknown	—	—	3y ago	Magento XML Injection vulnerability in the Widgets Update Layout
CVE-2021-36036	unknown	—	—	3y ago	Magento improper access control vulnerability within Magento's Media Gallery Upload workflow
CVE-2023-38208	unknown	—	—	3y ago	Magento Open Source allows Improper Neutralization of Special Elements Used
CVE-2023-38209	unknown	—	—	3y ago	Magento Open Source allows Incorrect Authorization
CVE-2023-38207	unknown	—	—	3y ago	Magento Open Source allows XML Injection
CVE-2023-29294	unknown	—	—	3y ago	Magento Open Source has Business Logic Errors Vulnerability
CVE-2023-22248	unknown	—	—	3y ago	Magento Open Source affected by Improper Input Validation
CVE-2023-29297	unknown	—	—	3y ago	Magento Open Source allows Improper Neutralization of Special Elements Used
CVE-2023-29296	unknown	—	—	3y ago	Magento Open Source allows Incorrect Authorization
CVE-2023-29295	unknown	—	—	3y ago	Magento Open Source allows Incorrect Authorization
CVE-2023-29292	unknown	—	—	3y ago	Magento Open Source allows Server-Side Request Forgery (SSRF)
CVE-2023-29291	unknown	—	—	3y ago	Magento Open Source allows Server-Side Request Forgery (SSRF)
CVE-2023-29290	unknown	—	—	3y ago	Magento Open Source allows Incorrect Authorization
CVE-2023-29289	unknown	—	—	3y ago	Magento Open Source allows XML Injection
CVE-2023-29288	unknown	—	—	3y ago	Magento Open Source allows Incorrect Authorization
CVE-2023-29287	unknown	—	—	3y ago	Magento Open Source allows Information Exposure
CVE-2023-29293	unknown	—	—	3y ago	Magento Open Source affected by Improper Input Validation
CVE-2023-22250	unknown	—	—	3y ago	Magento Open Source allows Improper Access Control
CVE-2023-22251	unknown	—	—	3y ago	Magento Open Source allows Incorrect Authorization
CVE-2023-22247	unknown	—	—	3y ago	Magento Open Source allows XML Injection
CVE-2022-35698	unknown	—	—	4y ago	Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
CVE-2022-35689	unknown	—	—	4y ago	Magento Open Source allows Improper Access Control