Package impact
Packagist / magento/project-community-edition
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-54236 | critical | 9.1 | 10.0 | 9mo ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | |
| CVE-2025-54265 | medium | 5.9 | 5.9 | 8mo ago | Magento allows incorrect authorization |