Package impact

Packagist / shopware/shopware

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2016-3109	critical	9.8	9.8	9y ago	Shopware RCE Vulnerability
CVE-2017-15374	medium	6.1	6.1	9y ago	Shopware XSS Vulnerability
CVE-2026-23498	unknown	—	—	4mo ago	Shopware Has Improper Control of Generation of Code in Twig rendered views
CVE-2025-67648	unknown	—	—	6mo ago	Shopware Storefront Reflected XSS in Storefront Login Page
CVE-2023-34099	unknown	—	—	3y ago	Shopware improper mail validation vulnerability
CVE-2023-34098	unknown	—	—	3y ago	Shopware dependency configuration exposed
CVE-2022-48150	unknown	—	—	3y ago	Shopware vulnerable to cross-site scripting (XSS)
CVE-2022-36101	unknown	—	—	4y ago	Shopware contains sensitive data in backend customer module
CVE-2022-36102	unknown	—	—	4y ago	Shopware access control list bypassed via crafted specific URLs
CVE-2022-31148	unknown	—	—	4y ago	Shopware vulnerable to persistent cross site scripting (XSS) in customer module
CVE-2022-31057	unknown	—	—	4y ago	Authenticated Stored Cross-site Scripting in Shopware
CVE-2019-12935	unknown	—	—	4y ago	Shopware Cross-site Scripting Vulnerability
CVE-2019-12799	unknown	—	—	4y ago	Shopware Insecure Deserialization Vulnerability
CVE-2018-20713	unknown	—	—	4y ago	Shopware SQL Injection
CVE-2017-18357	unknown	—	—	4y ago	Shopware XXE Vulnerability
CVE-2022-24892	unknown	—	—	4y ago	Multiple valid tokens for password reset in Shopware
CVE-2022-24879	unknown	—	—	4y ago	Malfunction of CSRF token validation in Shopware
CVE-2022-24873	unknown	—	—	4y ago	Reflected Cross-site Scripting in Shopware storefront
CVE-2022-21651	unknown	—	—	4y ago	Open redirect in shopware
CVE-2022-21652	unknown	—	—	4y ago	Insufficient Session Expiration in shopware
CVE-2021-41188	unknown	—	—	5y ago	Authenticated Stored XSS in shopware/shopware
CVE-2021-32713	unknown	—	—	5y ago	Cross-site scripting
CVE-2021-32712	unknown	—	—	5y ago	Exposure of Sensitive Information to an Unauthorized Actor