magento/community-edition vulnerabilities

Magento 2 (Open Source)

Latest version: 2.3.2

Direct Vulnerabilities

Known vulnerabilities in the magento/community-edition package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| M | Information Exposure | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| L | Session Fixation | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| H | Security Bypass (PHP script injection) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Resource Injection | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| H | Information Exposure | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Security Bypass (IDOR) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Inadequate Encryption Strength | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Inadequate Encryption Strength | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| L | Inadequate Encryption Strength | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| H | Server-side Request Forgery (SSRF) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| H | Server-side Request Forgery (SSRF) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Denial of Service (DoS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| H | Remote Code Execution | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| H | Remote Code Execution | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| H | Remote Code Execution | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Request Forgery (CSRF) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Request Forgery (CSRF) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Information Exposure | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |
| M | Cross-site Scripting (XSS) | >=2.1.0, <2.1.18, >=2.2.0, <2.2.9, >=2.3.0, <2.3.2 | Not available | 12 Aug, 2019 |