magento/community-edition vulnerabilities

Magento 2 (Open Source)

Latest version: 2.3.5-p1

Licenses detected

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the magento/community-edition package. This does not include vulnerabilities belonging to this package’s dependencies.

Report new vulnerabilities
Vulnerability Vulnerable versions Snyk patch Published
  • H
Cross-site Scripting (XSS)
<1.9.4.4 Not available 29 May, 2020
  • H
SQL Injection
<1.9.4.4 Not available 29 May, 2020
  • H
Arbitrary Code Execution
<1.9.4.4 Not available 29 May, 2020
  • H
Directory Traversal
<1.9.4.4 Not available 29 May, 2020
  • H
Cross-site Scripting (XSS)
<1.9.4.4 Not available 29 May, 2020
  • H
Deserialization of Untrusted Data
<1.9.4.4 Not available 29 May, 2020
  • H
Security Bypass
<1.9.4.5 Not available 13 May, 2020
  • H
Security Bypass
<1.9.4.5 Not available 13 May, 2020
  • M
Privilege Escalation
<1.9.4.4 Not available 10 May, 2020
  • H
Authorization Bypass
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • M
Command Injection
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • M
Arbitrary Code Execution
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Cross-site Scripting (XSS)
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Command Injection
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Improper Authorization
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Command Injection
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Arbitrary Code Execution
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Command Injection
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Arbitrary Code Execution
<1.9.4.5 Not available 07 May, 2020
  • H
Cross-site Scripting (XSS)
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Cross-site Scripting (XSS)
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • H
Improper Authorization
>=2.3.5, <2.3.5-p1,<2.3.4-p2 Not available 07 May, 2020
  • M
Signature Validation Bypass
<1.9.4.5 Not available 06 May, 2020
  • H
Arbitrary Code Execution
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 06 Nov, 2019
  • M
Race Condition
>=2.3, <2.3.3 Not available 18 Oct, 2019
  • H
SQL Injection
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
SQL Injection
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
SQL Injection
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
SQL Injection
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019