pkg:Packagist/magento/project-community-edition

161 total CVEsCRITICAL28HIGH48MEDIUM71LOW7

✅ Check your installed version

All known vulnerabilities

CRITICAL9.1CVE-2025-54236⚠ KEVMagento Community Edition Improper Input Validation vulnerability
from 0, <= 2.0.2
CRITICAL10.0CVE-2022-35698Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9632Magento security mitigation bypass vulnerability
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9630Magento business logic error vulnerability
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9631Magento security mitigation bypass vulnerability
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9583Magento command injection vulnerability
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9582Magento command injection vulnerability
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9585Magento Defense-in-depth security mitigation vulnerability
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9580Magento Security mitigation bypass vulnerability
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9576Magento command injection vulnerability
from 0, <= 2.0.2
CRITICAL9.8CVE-2020-9578Magento command injection vulnerability
from 0, <= 2.0.2
CRITICAL9.6CVE-2020-9691Magento DOM-based Cross-site scripting vulnerability
from 0, <= 2.0.2
CRITICAL9.1CVE-2025-24434Improper Authorization vulnerability in Magento and Adobe Commerce
from 0, <= 2.0.2
CRITICAL9.1CVE-2024-20719Magento Open Source allows Cross-Site Scripting (XSS)
from 0, <= 2.0.2
CRITICAL9.1CVE-2024-20720Magento Open Source allows OS Command Injection
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-36021Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-36036Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-36023Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution
from 0, <= 2.0.2
CRITICAL9.1CVE-2023-38208Magento Open Source allows Improper Neutralization of Special Elements Used
from 0, <= 2.0.2
CRITICAL9.1CVE-2023-29297Magento Open Source allows Improper Neutralization of Special Elements Used
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-36025Magento is affected by an improper input validation vulnerability while saving a customer's details
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-36040Magento has a file extension restrictions bypass
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-36042Magento executes code via the API File Option Upload Extension
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-21014Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-21025Magento Commerce XML Injection Could Lead To Arbitrary Code Execution
from 0, <= 2.0.2
CRITICAL9.1CVE-2021-21016Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
from 0, <= 2.0.2
CRITICAL9.1CVE-2020-24407Arbitrary code execution via file import functionality
from 0, <= 2.0.2
CRITICAL9.0CVE-2024-20758Magento Open Source allows Improper Input Validation
from 0, <= 2.0.2
HIGH8.8CVE-2023-38218Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
HIGH8.8CVE-2021-36032Magento is affected by an improper input validation vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-49557Magento Cross-site Scripting vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-24438Magento stored Cross-Site Scripting (XSS) vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-24415Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-24414Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-24410Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-24416Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-24412Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-24413Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2025-24417Magento Stored Cross-Site Scripting (XSS) Vulnerability
from 0, <= 2.0.2
HIGH8.7CVE-2023-38219Magento Open Source allows Cross-Site Scripting (XSS)
from 0, <= 2.0.2
HIGH8.4CVE-2024-39402Magento OS Command ('OS Command Injection') vulnerability
from 0, <= 2.0.2
HIGH8.4CVE-2024-39401Magento OS Command ('OS Command Injection') vulnerability
from 0, <= 2.0.2
HIGH8.2CVE-2025-43585Magento Improper Authorization leading to security feature bypass
from 0, <= 2.0.2
HIGH8.2CVE-2025-24409Adobe Commerce Improper Authorization vulnerability
from 0, <= 2.0.2
HIGH8.1CVE-2025-54263Magento provides incorrect authorization through a security feature bypass
from 0, <= 2.0.2
HIGH8.1CVE-2025-54264Magento vulnerable to stored Cross-Site Scripting (XSS)
from 0, <= 2.0.2
HIGH8.1CVE-2025-49555Magento Cross-Site Request Forgery (CSRF) vulnerability
from 0, <= 2.0.2
HIGH8.1CVE-2025-24411Magento Improper Access Control vulnerability
from 0, <= 2.0.2
HIGH8.1CVE-2024-39400Magento DOM-based Cross-Site Scripting (XSS) vulnerability
from 0, <= 2.0.2
HIGH8.1CVE-2024-20759Magento Open Source allows Cross-Site Scripting (XSS)
from 0, <= 2.0.2
HIGH8.1CVE-2021-21030Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution
from 0, <= 2.0.2
HIGH8.0CVE-2023-38250Magento Open Source allows SQL Injection
from 0, <= 2.0.2
HIGH8.0CVE-2023-38249Magento Open Source allows SQL Injection
from 0, <= 2.0.2
HIGH8.0CVE-2023-38221Magento Open Source allows SQL Injection
from 0, <= 2.0.2
HIGH8.0CVE-2021-36043Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension
from 0, <= 2.0.2
HIGH7.7CVE-2024-39399Magento Path Traversal vulnerability
from 0, <= 2.0.2
HIGH7.6CVE-2024-39403Magento Stored Cross-Site Scripting (XSS) vulnerability
from 0, <= 2.0.2
HIGH7.5CVE-2025-49556Magento has incorrect authorization issue that leads to arbitrary file system read
from 0, <= 2.0.2
HIGH7.5CVE-2025-49554Magento vulnerable to denial of service
from 0, <= 2.0.2
HIGH7.5CVE-2025-24406Adobe Commerce Path Traversal
from 0, <= 2.0.2
HIGH7.5CVE-2023-38220Magento Open Source allows Improper Authorization
from 0, <= 2.0.2
HIGH7.5CVE-2023-22248Magento Open Source affected by Improper Input Validation
from 0, <= 2.0.2
HIGH7.5CVE-2023-22247Magento Open Source allows XML Injection
from 0, <= 2.0.2
HIGH7.5CVE-2021-36044Magento affected by a server-side denial-of-service using a GraphQL field
from 0, <= 2.0.2
HIGH7.5CVE-2021-28583Magento Commerce insecure storage of sensitive documentation
from 0, <= 2.0.2
HIGH7.5CVE-2020-9587Magento authorization bypass vulnerability
from 0, <= 2.0.2
HIGH7.5CVE-2016-6485Unauthenticated crypto and weak IV in Magento\Framework\Encryption
>= 2.0, <= 2.0.2
HIGH7.4CVE-2024-39398Magento does not properly restrict excessive authentication attempts
from 0, <= 2.0.2
HIGH7.2CVE-2022-24093Magento Open Source affected by Improper Input Validation
from 0, <= 2.0.2
HIGH7.2CVE-2021-36022Magento XML Injection vulnerability in the Widgets Update Layout
from 0, <= 2.0.2
HIGH7.2CVE-2021-36029Magento improper authorization vulnerability
from 0, <= 2.0.2
HIGH7.2CVE-2021-36024Magento is affected by an os command injection via the Data collection endpoint
from 0, <= 2.0.2
HIGH7.2CVE-2021-36034Magento affected by remote code execution via a file upload
from 0, <= 2.0.2
HIGH7.2CVE-2021-36041Magento vulnerable to file upload attack
from 0, <= 2.0.2
HIGH7.2CVE-2020-9588Magento Signature verification bypass
from 0, <= 2.0.2
HIGH7.2CVE-2019-8114Magento 2 Community Edition RCE Vulnerability
from 0, < 1.9.4.3
MEDIUM6.9CVE-2021-28556Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution
from 0, <= 2.0.2
MEDIUM6.8CVE-2023-26366Magento Open Source allows Server-Side Request Forgery (SSRF)
from 0, <= 2.0.2
MEDIUM6.5CVE-2025-54267Magento vulnerable to privilege escalation due to incorrect authorization
from 0, <= 2.0.2
MEDIUM6.5CVE-2025-24427Magento Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM6.5CVE-2025-24408Magento Information Exposure vulnerability
from 0, <= 2.0.2
MEDIUM6.5CVE-2025-24424Magento Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM6.5CVE-2023-38209Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
MEDIUM6.5CVE-2023-29289Magento Open Source allows XML Injection
from 0, <= 2.0.2
MEDIUM6.5CVE-2021-39864Magento Open Source allows Cross-Site Request Forgery (CSRF)
from 0, <= 2.0.2
MEDIUM6.5CVE-2021-36012Magento affected by a business logic error in the placeOrder graphql mutation
from 0, <= 2.0.2
MEDIUM6.5CVE-2021-36039Magento discloses sensitive information
from 0, <= 2.0.2
MEDIUM6.5CVE-2021-36038Magento discloses sensitive information via the Multishipping Module
from 0, <= 2.0.2
MEDIUM6.5CVE-2021-36037Magento is affected by an improper authorization vulnerability
from 0, <= 2.0.2
MEDIUM6.5CVE-2020-24401Incorrect permissions following the deletion of a user role or deactivation of a user
from 0, <= 2.0.2
MEDIUM6.5CVE-2020-9689Magento path traversal vulnerability
from 0, <= 2.0.2
MEDIUM6.1CVE-2020-9577Magento stored cross-site scripting vulnerability
from 0, <= 2.0.2
MEDIUM6.1CVE-2020-9581Magento stored cross-site scripting vulnerability
from 0, <= 2.0.2
MEDIUM5.9CVE-2025-54265Magento allows incorrect authorization
from 0, <= 2.0.2
MEDIUM5.9CVE-2025-49558Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
from 0, <= 2.0.2
MEDIUM5.6CVE-2021-21031Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
from 0, <= 2.0.2
MEDIUM5.6CVE-2021-21032Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
from 0, <= 2.0.2
MEDIUM5.4CVE-2025-24428Magento stored Cross-Site Scripting (XSS) vulnerability
from 0, <= 2.0.2
MEDIUM5.4CVE-2025-24437Magento Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM5.4CVE-2024-39418Magento Improper Authorization vulnerability
from 0, <= 2.0.2
MEDIUM5.4CVE-2021-28584Magento Commerce path traversal vulnerability in child theme store creation
from 0, <= 2.0.2
MEDIUM5.4CVE-2020-9584Magento Stored cross-site scripting
from 0, <= 2.0.2
MEDIUM5.3CVE-2025-49559Magento vulnerable to path traversal
from 0, <= 2.0.2
MEDIUM5.3CVE-2025-27206Magento Improper Access Control leads to security feature bypass
from 0, <= 2.0.2
MEDIUM5.3CVE-2025-27191Magento Improper Access Control leads to Security feature bypass
from 0, <= 2.0.2
MEDIUM5.3CVE-2025-27190Magento Improper Access Control leads to Security feature bypass
from 0, <= 2.0.2
MEDIUM5.3CVE-2025-24425Magento Business Logic Error vulnerability
from 0, <= 2.0.2
MEDIUM5.3CVE-2023-38251Magento Open Source allows Uncontrolled Resource Consumption
from 0, <= 2.0.2
MEDIUM5.3CVE-2023-38207Magento Open Source allows XML Injection
from 0, <= 2.0.2
MEDIUM5.3CVE-2023-29287Magento Open Source allows Information Exposure
from 0, <= 2.0.2
MEDIUM5.3CVE-2023-29290Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
MEDIUM5.3CVE-2023-22250Magento Open Source allows Improper Access Control
from 0, <= 2.0.2
MEDIUM5.3CVE-2022-35689Magento Open Source allows Improper Access Control
from 0, <= 2.0.2
MEDIUM5.3CVE-2022-35692Magento Open Source has Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM5.3CVE-2021-28585Magento Commerce improper input validation in customer customer webapi
from 0, <= 2.0.2
MEDIUM5.3CVE-2021-21022Magento Commerce Incorrect permissions Could Lead To Unauthorized Access
from 0, <= 2.0.2
MEDIUM5.3CVE-2021-21026Magento Commerce Incorrect permissions Could Lead To Unauthorized Access
from 0, <= 2.0.2
MEDIUM5.3CVE-2021-21020Magento Commerce Improper Access Control Vulnerability
from 0, <= 2.0.2
MEDIUM5.0CVE-2021-28567Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission
from 0, <= 2.0.2
MEDIUM4.9CVE-2024-20716Magento Open Source allows Uncontrolled Resource Consumption
from 0, <= 2.0.2
MEDIUM4.9CVE-2023-26367Magento Open Source has Improper Input Validation Vulnerability
from 0, <= 2.0.2
MEDIUM4.9CVE-2023-29291Magento Open Source allows Server-Side Request Forgery (SSRF)
from 0, <= 2.0.2
MEDIUM4.9CVE-2023-29292Magento Open Source allows Server-Side Request Forgery (SSRF)
from 0, <= 2.0.2
MEDIUM4.9CVE-2020-24402Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API
from 0, <= 2.0.2
MEDIUM4.8CVE-2025-54266Magento vulnerable to stored Cross-Site Scripting (XSS)
from 0, <= 2.0.2
MEDIUM4.8CVE-2021-21023Magento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution
from 0, <= 2.0.2
MEDIUM4.3CVE-2025-49550Magento Security feature bypass
from 0, <= 2.0.2
MEDIUM4.3CVE-2025-24435Magento Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM4.3CVE-2025-24436Magento Improper Access Control vulnerability
from 0, <= 2.0.2
MEDIUM4.3CVE-2025-24421Magento Incorrect Authorization vulnerability
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39417Magento Improper Authorization leads to Security feature bypass
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39407Magento Improper Authorization vulnerability
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39413Magento Improper Authorization vulnerability
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39411Magento Improper Authorization leads to security feature bypass
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39416Magento Improper Authorization leads to Security feature bypass
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39419Magento Improper Access Control Leads to Privilege escalation
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39415Magento Improper Authorization Leading to Security feature bypass
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39414Magento Improper Access Control Leads to Privilege escalation
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39405Magento Improper Authorization vulnerability
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-39404Magento Improper Authorization vulnerability
from 0, <= 2.0.2
MEDIUM4.3CVE-2024-20718Magento Open Source allows Cross-Site Request Forgery (CSRF)
from 0, <= 2.0.2
MEDIUM4.3CVE-2023-29288Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
MEDIUM4.3CVE-2023-29296Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
MEDIUM4.3CVE-2023-29295Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
MEDIUM4.3CVE-2023-29294Magento Open Source has Business Logic Errors Vulnerability
from 0, <= 2.0.2
MEDIUM4.3CVE-2023-22251Magento Open Source allows Incorrect Authorization
from 0, <= 2.0.2
MEDIUM4.3CVE-2021-21027Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification
from 0, <= 2.0.2
LOW3.7CVE-2025-24432Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
from 0, <= 2.0.2
LOW3.7CVE-2025-24430Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
from 0, <= 2.0.2
LOW3.5CVE-2025-24429Magento Improper Access Control vulnerability
from 0, <= 2.0.2
LOW2.7CVE-2025-49549Magento Authenticated Security feature bypass
from 0, <= 2.0.2
LOW2.7CVE-2025-27192Magento does not properly protect credentials
from 0, <= 2.0.2
LOW2.7CVE-2023-29293Magento Open Source affected by Improper Input Validation
from 0, <= 2.0.2
LOW2.7CVE-2020-24403Incorrect permissions could lead to unauthorized modification of inventory source data via REST API
from 0, <= 2.0.2
—CVE-2021-36027Magento stored cross-site scripting vulnerability
from 0, <= 2.0.2
—CVE-2021-36026Magento stored cross-site scripting vulnerability in the customer address upload feature
from 0, <= 2.0.2
—CVE-2021-36020Magento XML Injection vulnerability in the 'City' field
from 0, <= 2.0.2
—CVE-2021-36028Magento has an XML Injection vulnerability
from 0, <= 2.0.2
—CVE-2021-36031Magento Path Traversal vulnerability via the `theme[preview_image]` parameter
from 0, <= 2.0.2
—CVE-2021-36030Magento allows attackers to alter the price of items
from 0, <= 2.0.2
—CVE-2021-36033Magento XML Injection vulnerability in the Widgets Module
from 0, <= 2.0.2