Package impact

Packagist / magento/community-edition

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2025-54236	critical	9.1	10.0				9mo ago	Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
CVE-2016-6485	high	7.5	7.5				9y ago	Unauthenticated crypto and weak IV in Magento\Framework\Encryption
CVE-2025-54265	medium	5.9	5.9				8mo ago	Magento allows incorrect authorization
CVE-2024-34102	unknown	—	2.5				2y ago	Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
CVE-2022-24086	unknown	—	1.5				4y ago	Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
CVE-2025-54267	unknown	—	—				8mo ago	Magento vulnerable to privilege escalation due to incorrect authorization
CVE-2025-54263	unknown	—	—				8mo ago	Magento provides incorrect authorization through a security feature bypass
CVE-2025-54266	unknown	—	—				8mo ago	Magento vulnerable to stored Cross-Site Scripting (XSS)
CVE-2025-54264	unknown	—	—				8mo ago	Magento vulnerable to stored Cross-Site Scripting (XSS)
CVE-2025-49557	unknown	—	—				10mo ago	Magento Cross-site Scripting vulnerability
CVE-2025-49558	unknown	—	—				10mo ago	Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2025-49559	unknown	—	—				10mo ago	Magento vulnerable to path traversal
CVE-2025-49556	unknown	—	—				10mo ago	Magento has incorrect authorization issue that leads to arbitrary file system read
CVE-2025-49555	unknown	—	—				10mo ago	Magento Cross-Site Request Forgery (CSRF) vulnerability
CVE-2025-49554	unknown	—	—				10mo ago	Magento vulnerable to denial of service
CVE-2025-49550	unknown	—	—				11mo ago	Magento Security feature bypass
CVE-2025-49549	unknown	—	—				11mo ago	Magento Authenticated Security feature bypass
CVE-2025-47110	unknown	—	—				1y ago	Magneto contains stored XSS vulnerability
CVE-2025-43585	unknown	—	—				1y ago	Magento Improper Authorization leading to security feature bypass
CVE-2025-27206	unknown	—	—				1y ago	Magento Improper Access Control leads to security feature bypass
CVE-2025-27192	unknown	—	—				1y ago	Magento does not properly protect credentials
CVE-2025-27188	unknown	—	—				1y ago	Magento Improper Authorization vulnerability
CVE-2025-27191	unknown	—	—				1y ago	Magento Improper Access Control leads to Security feature bypass
CVE-2025-27190	unknown	—	—				1y ago	Magento Improper Access Control leads to Security feature bypass
CVE-2025-24434	unknown	—	—				1y ago	Improper Authorization vulnerability in Magento and Adobe Commerce
CVE-2025-24432	unknown	—	—				1y ago	Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2025-24436	unknown	—	—				1y ago	Magento Improper Access Control vulnerability
CVE-2025-24437	unknown	—	—				1y ago	Magento Improper Access Control vulnerability
CVE-2025-24430	unknown	—	—				1y ago	Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2025-24438	unknown	—	—				1y ago	Magento stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-24435	unknown	—	—				1y ago	Magento Improper Access Control vulnerability
CVE-2025-24427	unknown	—	—				1y ago	Magento Improper Access Control vulnerability
CVE-2025-24429	unknown	—	—				1y ago	Magento Improper Access Control vulnerability
CVE-2025-24425	unknown	—	—				1y ago	Magento Business Logic Error vulnerability
CVE-2025-24428	unknown	—	—				1y ago	Magento stored Cross-Site Scripting (XSS) vulnerability
CVE-2025-24413	unknown	—	—				1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24414	unknown	—	—				1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24408	unknown	—	—				1y ago	Magento Information Exposure vulnerability
CVE-2025-24411	unknown	—	—				1y ago	Magento Improper Access Control vulnerability
CVE-2025-24417	unknown	—	—				1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24409	unknown	—	—				1y ago	Adobe Commerce Improper Authorization vulnerability
CVE-2025-24415	unknown	—	—				1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24416	unknown	—	—				1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24410	unknown	—	—				1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2025-24421	unknown	—	—				1y ago	Magento Incorrect Authorization vulnerability
CVE-2025-24424	unknown	—	—				1y ago	Magento Improper Access Control vulnerability
CVE-2025-24406	unknown	—	—				1y ago	Adobe Commerce Path Traversal
CVE-2025-24412	unknown	—	—				1y ago	Magento Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2024-45131	unknown	—	—				2y ago	Magento Open Source Improper Authorization vulnerability
CVE-2024-45135	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-45132	unknown	—	—				2y ago	Magento Open Source Improper Authorization vulnerability
CVE-2024-45133	unknown	—	—				2y ago	Magento Open Source Information Exposure vulnerability
CVE-2024-45134	unknown	—	—				2y ago	Magento Open Source Information Exposure vulnerability
CVE-2024-45149	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-45130	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-45119	unknown	—	—				2y ago	Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
CVE-2024-45128	unknown	—	—				2y ago	Magento Open Source Improper Authorization vulnerability
CVE-2024-45116	unknown	—	—				2y ago	Magento Open Source Cross-Site Scripting (XSS) vulnerability
CVE-2024-45125	unknown	—	—				2y ago	Magento Open Source Incorrect Authorization vulnerability
CVE-2024-45124	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-45121	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-45123	unknown	—	—				2y ago	Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
CVE-2024-45120	unknown	—	—				2y ago	Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2024-45122	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-45127	unknown	—	—				2y ago	Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-45129	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-45117	unknown	—	—				2y ago	Magento Open Source Improper Input Validation vulnerability
CVE-2024-45118	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-39414	unknown	—	—				2y ago	Magento Improper Access Control Leads to Privilege escalation
CVE-2024-39410	unknown	—	—				2y ago	Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
CVE-2024-39415	unknown	—	—				2y ago	Magento Improper Authorization Leading to Security feature bypass
CVE-2024-39409	unknown	—	—				2y ago	Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
CVE-2024-39418	unknown	—	—				2y ago	Magento Improper Authorization vulnerability
CVE-2024-39406	unknown	—	—				2y ago	Magento Open Source Path Traversal vulnerability
CVE-2024-39412	unknown	—	—				2y ago	Magento Open Source Improper Authorization vulnerability
CVE-2024-39419	unknown	—	—				2y ago	Magento Improper Access Control Leads to Privilege escalation
CVE-2024-39408	unknown	—	—				2y ago	Magento Open Source Cross-Site Request Forgery vulnerability
CVE-2024-39407	unknown	—	—				2y ago	Magento Improper Authorization vulnerability
CVE-2024-39416	unknown	—	—				2y ago	Magento Improper Authorization leads to Security feature bypass
CVE-2024-39417	unknown	—	—				2y ago	Magento Improper Authorization leads to Security feature bypass
CVE-2024-39413	unknown	—	—				2y ago	Magento Improper Authorization vulnerability
CVE-2024-39411	unknown	—	—				2y ago	Magento Improper Authorization leads to security feature bypass
CVE-2024-39399	unknown	—	—				2y ago	Magento Path Traversal vulnerability
CVE-2024-39398	unknown	—	—				2y ago	Magento does not properly restrict excessive authentication attempts
CVE-2024-39400	unknown	—	—				2y ago	Magento DOM-based Cross-Site Scripting (XSS) vulnerability
CVE-2024-39404	unknown	—	—				2y ago	Magento Improper Authorization vulnerability
CVE-2024-39402	unknown	—	—				2y ago	Magento OS Command ('OS Command Injection') vulnerability
CVE-2024-39401	unknown	—	—				2y ago	Magento OS Command ('OS Command Injection') vulnerability
CVE-2024-39403	unknown	—	—				2y ago	Magento Stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-39405	unknown	—	—				2y ago	Magento Improper Authorization vulnerability
CVE-2024-34111	unknown	—	—				2y ago	Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
CVE-2024-34104	unknown	—	—				2y ago	Magento Open Source Improper Authorization vulnerability
CVE-2024-34106	unknown	—	—				2y ago	Magento Open Source Incorrect Authorization vulnerability
CVE-2024-34107	unknown	—	—				2y ago	Magento Open Source Improper Access Control vulnerability
CVE-2024-34105	unknown	—	—				2y ago	Magento Open Source Cross-Site Scripting (XSS) vulnerability
CVE-2024-34103	unknown	—	—				2y ago	Magento Open Source Improper Authentication vulnerability
CVE-2024-20758	unknown	—	—				2y ago	Magento Open Source allows Improper Input Validation
CVE-2024-20759	unknown	—	—				2y ago	Magento Open Source allows Cross-Site Scripting (XSS)
CVE-2024-20719	unknown	—	—				2y ago	Magento Open Source allows Cross-Site Scripting (XSS)
CVE-2024-20716	unknown	—	—				2y ago	Magento Open Source allows Uncontrolled Resource Consumption