Package impact

Packagist / shopware/platform

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-31889	unknown	—	—	3mo ago	Shopware vulnerable to a potential take over of app credentials
CVE-2026-31888	unknown	—	—	3mo ago	Shopware has user enumeration via distinct error codes on Store API login endpoint
CVE-2026-31887	unknown	—	—	3mo ago	Shopware: Unauthenticated data extraction possible through store-api.order endpoint
CVE-2025-7954	unknown	—	—	10mo ago	Shopware race condition bypasses voucher restrictions
CVE-2025-32378	unknown	—	—	1y ago	Shopware default newsletter opt-in settings allow for mass sign-up abuse
CVE-2025-27892	unknown	—	—	1y ago	Shopware Vulnerable to Blind SQL-injection in DAL aggregations
CVE-2025-30151	unknown	—	—	1y ago	Shopware allows Denial Of Service via password length
CVE-2025-30150	unknown	—	—	1y ago	Shopware 6 allows attackers to check for registered accounts through the store-api
CVE-2024-42357	unknown	—	—	2y ago	Shopware vulnerable to blind SQL-injection in DAL aggregations
CVE-2024-42356	unknown	—	—	2y ago	Shopware vulnerable to Server Side Template Injection in Twig using Context functions
CVE-2024-42355	unknown	—	—	2y ago	Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
CVE-2024-42354	unknown	—	—	2y ago	Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
CVE-2024-31447	unknown	—	—	2y ago	Shopware Improper Session Handling in store-api account logout
CVE-2024-27917	unknown	—	—	2y ago	Shopware's session is persistent in Cache for 404 pages
CVE-2024-22407	unknown	—	—	2y ago	Broken Access Control order API in Shopware
CVE-2024-22406	unknown	—	—	2y ago	Blind SQL injection in shopware
CVE-2023-2017	unknown	—	—	3y ago	Shopware Has Improper Control of Generation of Code in Twig rendered views
CVE-2023-22734	unknown	—	—	3y ago	Shopware has Improper Input Validation issue in newsletter subscription
CVE-2023-22732	unknown	—	—	3y ago	Shopware has Insufficient Session Expiration in Administration
CVE-2023-22733	unknown	—	—	3y ago	Shopware's log module vulnerable to Improper Output Neutralization
CVE-2023-22731	unknown	—	—	3y ago	Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
CVE-2023-22730	unknown	—	—	3y ago	Shopware vulnerable to Improper Input Validation of Clearance sale in cart
CVE-2020-13970	unknown	—	—	4y ago	Shopware vulnerable to SSRF
CVE-2020-13997	unknown	—	—	4y ago	Shopware database password is leaked to an unauthenticated users
CVE-2020-13971	unknown	—	—	4y ago	Shopware vulnerable to Cross-site Scripting
CVE-2022-24872	unknown	—	—	4y ago	Improper Access Control in Shopware
CVE-2022-24871	unknown	—	—	4y ago	Server-Side Request Forgery (SSRF) in Shopware
CVE-2022-24747	unknown	—	—	4y ago	HTTP caching is marking private HTTP headers as public in Shopware
CVE-2022-24746	unknown	—	—	4y ago	HTML injection possibility in voucher code form in Shopware
CVE-2022-24744	unknown	—	—	4y ago	Shopware user session is not logged out if the password is reset via password recovery
CVE-2022-24745	unknown	—	—	4y ago	Shopware guest session is shared between customers
CVE-2021-32717	unknown	—	—	5y ago	Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-32716	unknown	—	—	5y ago	Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-32711	unknown	—	—	5y ago	Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37709	unknown	—	—	5y ago	Insecure direct object reference of log files of the Import/Export feature
CVE-2021-37708	unknown	—	—	5y ago	Command injection in mail agent settings
CVE-2021-37707	unknown	—	—	5y ago	Manipulation of product reviews via API
CVE-2021-37710	unknown	—	—	5y ago	Cross-Site Scripting via SVG media files
CVE-2021-37711	unknown	—	—	5y ago	Authenticated server-side request forgery in file upload via URL.
CVE-2021-32709	unknown	—	—	5y ago	Missing Authentication for Critical Function
CVE-2021-32710	unknown	—	—	5y ago	Potential Session Hijacking