magento/core vulnerabilities

Magento Core

Latest version: 1.9.4.2

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the magento/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • M
Information Exposure
<1.9.4.2 Not available 12 Aug, 2019
  • L
Session Fixation
<1.9.4.2 Not available 12 Aug, 2019
  • H
Server-side Request Forgery (SSRF)
<1.9.4.2 Not available 12 Aug, 2019
  • H
Remote Code Execution
<1.9.4.2 Not available 12 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 12 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 12 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 12 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 12 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 12 Aug, 2019
  • M
SQL Injection
<1.9.4.2 Not available 12 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 12 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 08 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 08 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 08 Aug, 2019
  • M
Cross-site Request Forgery (CSRF)
<1.9.4.2 Not available 07 Aug, 2019
  • M
Information Exposure
<1.9.4.2 Not available 07 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 06 Aug, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.2 Not available 06 Aug, 2019
  • M
Information Disclousure
<1.9.4.1 Not available 02 Apr, 2019
  • M
Cross-site Request Forgery (CSRF)
<1.9.4.1 Not available 02 Apr, 2019
  • M
Cross-site Scripting (XSS)
<1.9.4.1 Not available 02 Apr, 2019
  • H
Remote Code Execution
<1.9.4.1 Not available 01 Apr, 2019
  • H
SQL Injection
<1.9.4.1 Not available 30 Mar, 2019
  • H
Privilege Escalation
<1.9.3.10 Not available 02 Jan, 2019
  • H
Information Exposure
<1.9.4.0 Not available 31 Dec, 2018
  • H
Authentication Bypass
<1.9.4.0 Not available 31 Dec, 2018
  • H
Remote Code Execution (RCE)
<1.9.4.0 Not available 31 Dec, 2018
  • H
Remote Code Execution (RCE)
<1.9.4.0 Not available 31 Dec, 2018
  • M
Privilege Escalation
<1.9.4.0 Not available 31 Dec, 2018
  • H
Remote Code Execution (RCE)
<1.9.4.0 Not available 31 Dec, 2018