magento/community-edition vulnerabilities

Magento 2 (Open Source)

Latest version: 2.3.2-p2

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the magento/community-edition package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • M
Race Condition
>=2.3, <2.3.3 Not available 18 Oct, 2019
  • H
SQL Injection
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
SQL Injection
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
SQL Injection
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
SQL Injection
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Remote Code Execution (RCE)
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Remote Code Execution (RCE)
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Remote Code Execution (RCE)
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Remote Code Execution (RCE)
>=2.1, <2.1.19,>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Remote Code Execution (RCE)
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • M
Remote Code Execution (RCE)
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Remote Code Execution (RCE)
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Remote Code Execution (RCE)
>=2.3, <2.3.3,>=2.2, <2.2.10 Not available 15 Oct, 2019
  • M
XML External Entity (XXE) Injection
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • M
XML External Entity (XXE) Injection
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • M
Security Bypass
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • M
Unrestricted File Upload
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Information Exposure
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Improper Authentication
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Improper Authentication
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • M
Improper Authorization
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • L
Inadequate Encryption Strength
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • L
Inadequate Encryption Strength
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Security Bypass
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Security Bypass
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Arbitrary File Deletion
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Arbitrary File Deletion
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Cross-site Scripting (XSS)
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Cross-site Scripting (XSS)
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019
  • H
Cross-site Scripting (XSS)
>=2.2, <2.2.10,>=2.3, <2.3.2-p2 Not available 15 Oct, 2019