VIR Vulnerability Intelligence Relay

Package impact

npm npm / @vendure/core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-40887 unknown 2mo ago @vendure/core has a SQL Injection vulnerability
CVE-2026-25050 unknown 4mo ago Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy