Lookup for vulnerable packages by Package URL.

Purl pkg:composer/sylius/sylius@1.1.13
Type composer
Namespace sylius
Name sylius
Version 1.1.13
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.9.12
Latest_non_vulnerable_version 2.2.3
Affected_by_vulnerabilities
0
url VCID-2xyf-313h-f3ga
vulnerability_id VCID-2xyf-313h-f3ga
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-57610
reference_id
reference_type
scores
0
value 0.09773
scoring_system epss
scoring_elements 0.93082
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-57610
1
reference_url https://github.com/github/advisory-database/pull/5254
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/5254
2
reference_url https://github.com/nca785/CVE-2024-57610
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:57:40Z/
url https://github.com/nca785/CVE-2024-57610
3
reference_url https://github.com/Sylius/Sylius
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:57:40Z/
url https://github.com/Sylius/Sylius
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-57610
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-57610
5
reference_url https://sylius.com
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sylius.com
6
reference_url https://github.com/advisories/GHSA-2hjh-495w-hmxc
reference_id GHSA-2hjh-495w-hmxc
reference_type
scores
url https://github.com/advisories/GHSA-2hjh-495w-hmxc
7
reference_url https://sylius.com/
reference_id sylius.com
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T15:57:40Z/
url https://sylius.com/
fixed_packages
0
url pkg:composer/sylius/sylius@2.0.3
purl pkg:composer/sylius/sylius@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@2.0.3
aliases CVE-2024-57610, GHSA-2hjh-495w-hmxc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xyf-313h-f3ga
1
url VCID-5had-y7w7-gbdv
vulnerability_id VCID-5had-y7w7-gbdv
summary
Improper Restriction of Rendered UI Layers or Frames
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from the app should have an X-Frame-Options header set to `sameorigin`. To achieve that, add a new `subscriber` in the app.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24733
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52244
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24733
1
reference_url https://github.com/Sylius/Sylius
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius
2
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.10.11
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:08Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.10.11
3
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.11.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:08Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.11.2
4
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.9.10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:08Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.9.10
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24733
reference_id CVE-2022-24733
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24733
6
reference_url https://github.com/advisories/GHSA-4jp3-q2qm-9fmw
reference_id GHSA-4jp3-q2qm-9fmw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4jp3-q2qm-9fmw
7
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-4jp3-q2qm-9fmw
reference_id GHSA-4jp3-q2qm-9fmw
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:08Z/
url https://github.com/Sylius/Sylius/security/advisories/GHSA-4jp3-q2qm-9fmw
fixed_packages
0
url pkg:composer/sylius/sylius@1.9.10
purl pkg:composer/sylius/sylius@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.9.10
1
url pkg:composer/sylius/sylius@1.10.0-alpha.1
purl pkg:composer/sylius/sylius@1.10.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.0-alpha.1
2
url pkg:composer/sylius/sylius@1.10.11
purl pkg:composer/sylius/sylius@1.10.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.11
3
url pkg:composer/sylius/sylius@1.11.0-alpha.1
purl pkg:composer/sylius/sylius@1.11.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.0-alpha.1
4
url pkg:composer/sylius/sylius@1.11.2
purl pkg:composer/sylius/sylius@1.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.2
aliases CVE-2022-24733, GHSA-4jp3-q2qm-9fmw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5had-y7w7-gbdv
2
url VCID-fcmr-qdzt-jyg8
vulnerability_id VCID-fcmr-qdzt-jyg8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29376
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32576
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29376
1
reference_url https://github.com/r2tunes/Reports/blob/main/Sylius.md
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T23:48:15Z/
url https://github.com/r2tunes/Reports/blob/main/Sylius.md
2
reference_url https://github.com/Sylius/Sylius
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius
3
reference_url https://github.com/Sylius/Sylius/commit/fb0ecb275747e364f1d4744ed8605c57f9bd8a80
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/commit/fb0ecb275747e364f1d4744ed8605c57f9bd8a80
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29376
reference_id CVE-2024-29376
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29376
5
reference_url https://github.com/advisories/GHSA-7prj-9ccr-hr3q
reference_id GHSA-7prj-9ccr-hr3q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7prj-9ccr-hr3q
6
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-7prj-9ccr-hr3q
reference_id GHSA-7prj-9ccr-hr3q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/security/advisories/GHSA-7prj-9ccr-hr3q
fixed_packages
0
url pkg:composer/sylius/sylius@1.9.12
purl pkg:composer/sylius/sylius@1.9.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.9.12
1
url pkg:composer/sylius/sylius@1.10.16
purl pkg:composer/sylius/sylius@1.10.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.16
2
url pkg:composer/sylius/sylius@1.11.17
purl pkg:composer/sylius/sylius@1.11.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.17
3
url pkg:composer/sylius/sylius@1.12.16
purl pkg:composer/sylius/sylius@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.12.16
4
url pkg:composer/sylius/sylius@1.13.1
purl pkg:composer/sylius/sylius@1.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.13.1
aliases CVE-2024-29376, GHSA-7prj-9ccr-hr3q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcmr-qdzt-jyg8
3
url VCID-jrh1-yy2r-a3g5
vulnerability_id VCID-jrh1-yy2r-a3g5
summary
Exposure of Sensitive Information to an Unauthorized Actor
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if the browser tab remains unclosed after logout. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to the login page even if the browser back button is pressed. Another possibility is to set stricter cache policies for restricted content.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24742
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57909
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24742
1
reference_url https://github.com/Sylius/Sylius
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius
2
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.10.11
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:05Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.10.11
3
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.11.2
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:05Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.11.2
4
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.9.10
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:05Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.9.10
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24742
reference_id CVE-2022-24742
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24742
6
reference_url https://github.com/advisories/GHSA-7563-75j9-6h5p
reference_id GHSA-7563-75j9-6h5p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7563-75j9-6h5p
7
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p
reference_id GHSA-7563-75j9-6h5p
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:05Z/
url https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p
fixed_packages
0
url pkg:composer/sylius/sylius@1.9.10
purl pkg:composer/sylius/sylius@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.9.10
1
url pkg:composer/sylius/sylius@1.10.0-alpha.1
purl pkg:composer/sylius/sylius@1.10.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.0-alpha.1
2
url pkg:composer/sylius/sylius@1.10.11
purl pkg:composer/sylius/sylius@1.10.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.11
3
url pkg:composer/sylius/sylius@1.11.0-alpha.1
purl pkg:composer/sylius/sylius@1.11.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.0-alpha.1
4
url pkg:composer/sylius/sylius@1.11.2
purl pkg:composer/sylius/sylius@1.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.2
aliases CVE-2022-24742, GHSA-7563-75j9-6h5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrh1-yy2r-a3g5
4
url VCID-p281-qypt-9bar
vulnerability_id VCID-p281-qypt-9bar
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34349
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.21229
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34349
1
reference_url https://github.com/Sylius/Sylius
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius
2
reference_url https://github.com/Sylius/Sylius/commit/ba4b66da5af88cdb1bba6174de8bdf42f4853e12
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:30:14Z/
url https://github.com/Sylius/Sylius/commit/ba4b66da5af88cdb1bba6174de8bdf42f4853e12
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34349
reference_id CVE-2024-34349
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-34349
4
reference_url https://github.com/advisories/GHSA-v2f9-rv6w-vw8r
reference_id GHSA-v2f9-rv6w-vw8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v2f9-rv6w-vw8r
5
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-v2f9-rv6w-vw8r
reference_id GHSA-v2f9-rv6w-vw8r
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-10T18:30:14Z/
url https://github.com/Sylius/Sylius/security/advisories/GHSA-v2f9-rv6w-vw8r
fixed_packages
0
url pkg:composer/sylius/sylius@1.9.12
purl pkg:composer/sylius/sylius@1.9.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.9.12
1
url pkg:composer/sylius/sylius@1.10.16
purl pkg:composer/sylius/sylius@1.10.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.16
2
url pkg:composer/sylius/sylius@1.11.17
purl pkg:composer/sylius/sylius@1.11.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.17
3
url pkg:composer/sylius/sylius@1.12.16
purl pkg:composer/sylius/sylius@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.12.16
4
url pkg:composer/sylius/sylius@1.13.1
purl pkg:composer/sylius/sylius@1.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.13.1
aliases CVE-2024-34349, GHSA-v2f9-rv6w-vw8r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p281-qypt-9bar
5
url VCID-p9uy-wvde-5kd3
vulnerability_id VCID-p9uy-wvde-5kd3
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3841
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35823
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3841
1
reference_url https://github.com/sylius/sylius
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sylius/sylius
2
reference_url https://github.com/sylius/sylius/commit/3da169e0c23e752974d74223cc536c29a2a82edc
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T22:35:41Z/
url https://github.com/sylius/sylius/commit/3da169e0c23e752974d74223cc536c29a2a82edc
3
reference_url https://huntr.com/bounties/1625506791178-Sylius/Sylius
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T22:35:41Z/
url https://huntr.com/bounties/1625506791178-Sylius/Sylius
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3841
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3841
5
reference_url https://github.com/advisories/GHSA-hhvr-2q69-4563
reference_id GHSA-hhvr-2q69-4563
reference_type
scores
url https://github.com/advisories/GHSA-hhvr-2q69-4563
fixed_packages
0
url pkg:composer/sylius/sylius@1.9.10
purl pkg:composer/sylius/sylius@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.9.10
1
url pkg:composer/sylius/sylius@1.10.11
purl pkg:composer/sylius/sylius@1.10.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.11
2
url pkg:composer/sylius/sylius@1.11.2
purl pkg:composer/sylius/sylius@1.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.2
aliases CVE-2021-3841, GHSA-hhvr-2q69-4563
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9uy-wvde-5kd3
6
url VCID-u2pp-s3q1-suat
vulnerability_id VCID-u2pp-s3q1-suat
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-40633
reference_id
reference_type
scores
0
value 0.00239
scoring_system epss
scoring_elements 0.47161
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-40633
1
reference_url https://github.com/Sylius/Sylius
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius
2
reference_url https://github.com/Sylius/Sylius/commit/d833b2871caa3b8d1f0a8207378bb778f0b90464
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/commit/d833b2871caa3b8d1f0a8207378bb778f0b90464
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-40633
reference_id CVE-2024-40633
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-40633
4
reference_url https://github.com/advisories/GHSA-55rf-8q29-4g43
reference_id GHSA-55rf-8q29-4g43
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-55rf-8q29-4g43
5
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-55rf-8q29-4g43
reference_id GHSA-55rf-8q29-4g43
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-17T19:06:37Z/
url https://github.com/Sylius/Sylius/security/advisories/GHSA-55rf-8q29-4g43
fixed_packages
0
url pkg:composer/sylius/sylius@1.9.12
purl pkg:composer/sylius/sylius@1.9.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.9.12
1
url pkg:composer/sylius/sylius@1.10.16
purl pkg:composer/sylius/sylius@1.10.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.16
2
url pkg:composer/sylius/sylius@1.11.17
purl pkg:composer/sylius/sylius@1.11.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.17
3
url pkg:composer/sylius/sylius@1.12.19
purl pkg:composer/sylius/sylius@1.12.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.12.19
4
url pkg:composer/sylius/sylius@1.13.4
purl pkg:composer/sylius/sylius@1.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.13.4
aliases CVE-2024-40633, GHSA-55rf-8q29-4g43
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2pp-s3q1-suat
7
url VCID-u4j4-vp81-efg2
vulnerability_id VCID-u4j4-vp81-efg2
summary
Cross-site Scripting
XSS injection in the Grid component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12186
reference_id
reference_type
scores
0
value 0.00295
scoring_system epss
scoring_elements 0.53029
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12186
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12186
reference_id CVE-2019-12186
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12186
2
reference_url https://sylius.com/blog/cve-2019-12186
reference_id CVE-2019-12186
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sylius.com/blog/cve-2019-12186
3
reference_url https://sylius.com/blog/cve-2019-12186/
reference_id CVE-2019-12186
reference_type
scores
url https://sylius.com/blog/cve-2019-12186/
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/grid/CVE-2019-12186.yaml
reference_id CVE-2019-12186.YAML
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/grid/CVE-2019-12186.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2019-12186.yaml
reference_id CVE-2019-12186.YAML
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2019-12186.yaml
6
reference_url https://github.com/advisories/GHSA-rc5r-697f-28x6
reference_id GHSA-rc5r-697f-28x6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rc5r-697f-28x6
fixed_packages
0
url pkg:composer/sylius/sylius@1.1.18
purl pkg:composer/sylius/sylius@1.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-u4j4-vp81-efg2
8
vulnerability VCID-vg6m-u7zj-puex
9
vulnerability VCID-w3vf-n1z7-abat
10
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.1.18
1
url pkg:composer/sylius/sylius@1.2.17
purl pkg:composer/sylius/sylius@1.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-vg6m-u7zj-puex
8
vulnerability VCID-w3vf-n1z7-abat
9
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.2.17
2
url pkg:composer/sylius/sylius@1.3.12
purl pkg:composer/sylius/sylius@1.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-vg6m-u7zj-puex
8
vulnerability VCID-w3vf-n1z7-abat
9
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.3.12
3
url pkg:composer/sylius/sylius@1.4.4
purl pkg:composer/sylius/sylius@1.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-vg6m-u7zj-puex
8
vulnerability VCID-w3vf-n1z7-abat
9
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.4.4
aliases CVE-2019-12186, GHSA-rc5r-697f-28x6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4j4-vp81-efg2
8
url VCID-vg6m-u7zj-puex
vulnerability_id VCID-vg6m-u7zj-puex
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16768
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57553
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16768
1
reference_url https://github.com/Sylius/Sylius/commit/be245302dfc594d8690fe50dd47631d186aa945f
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/commit/be245302dfc594d8690fe50dd47631d186aa945f
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16768
reference_id CVE-2019-16768
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16768
3
reference_url https://github.com/advisories/GHSA-3r8j-pmch-5j2h
reference_id GHSA-3r8j-pmch-5j2h
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3r8j-pmch-5j2h
4
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-3r8j-pmch-5j2h
reference_id GHSA-3r8j-pmch-5j2h
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/security/advisories/GHSA-3r8j-pmch-5j2h
fixed_packages
0
url pkg:composer/sylius/sylius@1.3.14
purl pkg:composer/sylius/sylius@1.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-w3vf-n1z7-abat
8
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.3.14
1
url pkg:composer/sylius/sylius@1.4.10
purl pkg:composer/sylius/sylius@1.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-w3vf-n1z7-abat
8
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.4.10
2
url pkg:composer/sylius/sylius@1.5.7
purl pkg:composer/sylius/sylius@1.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-w3vf-n1z7-abat
8
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.5.7
3
url pkg:composer/sylius/sylius@1.6.3
purl pkg:composer/sylius/sylius@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-w3vf-n1z7-abat
8
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.6.3
aliases CVE-2019-16768, GHSA-3r8j-pmch-5j2h
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vg6m-u7zj-puex
9
url VCID-w3vf-n1z7-abat
vulnerability_id VCID-w3vf-n1z7-abat
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15245
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.3857
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15245
1
reference_url https://github.com/Sylius/Sylius
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius
2
reference_url https://github.com/Sylius/Sylius/commit/60636d711a4011e8694d10d201b53632c7e8ecaf
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/commit/60636d711a4011e8694d10d201b53632c7e8ecaf
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15245
reference_id CVE-2020-15245
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15245
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2020-15245.yaml
reference_id CVE-2020-15245.YAML
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2020-15245.yaml
5
reference_url https://github.com/advisories/GHSA-6gw4-x63h-5499
reference_id GHSA-6gw4-x63h-5499
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6gw4-x63h-5499
6
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-6gw4-x63h-5499
reference_id GHSA-6gw4-x63h-5499
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/security/advisories/GHSA-6gw4-x63h-5499
fixed_packages
0
url pkg:composer/sylius/sylius@1.6.9
purl pkg:composer/sylius/sylius@1.6.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.6.9
1
url pkg:composer/sylius/sylius@1.7.0-ALPHA.1
purl pkg:composer/sylius/sylius@1.7.0-ALPHA.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.7.0-ALPHA.1
2
url pkg:composer/sylius/sylius@1.7.9
purl pkg:composer/sylius/sylius@1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.7.9
3
url pkg:composer/sylius/sylius@1.8.0-RC.1
purl pkg:composer/sylius/sylius@1.8.0-RC.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.8.0-RC.1
4
url pkg:composer/sylius/sylius@1.8.3
purl pkg:composer/sylius/sylius@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-5had-y7w7-gbdv
2
vulnerability VCID-fcmr-qdzt-jyg8
3
vulnerability VCID-jrh1-yy2r-a3g5
4
vulnerability VCID-p281-qypt-9bar
5
vulnerability VCID-p9uy-wvde-5kd3
6
vulnerability VCID-u2pp-s3q1-suat
7
vulnerability VCID-zqdm-ac3a-xqa1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.8.3
aliases CVE-2020-15245, GHSA-6gw4-x63h-5499
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w3vf-n1z7-abat
10
url VCID-zqdm-ac3a-xqa1
vulnerability_id VCID-zqdm-ac3a-xqa1
summary
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be opened in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24749
reference_id
reference_type
scores
0
value 0.00308
scoring_system epss
scoring_elements 0.54281
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24749
1
reference_url https://github.com/Sylius/Sylius
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius
2
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.10.11
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:14Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.10.11
3
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.11.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:14Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.11.2
4
reference_url https://github.com/Sylius/Sylius/releases/tag/v1.9.10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:14Z/
url https://github.com/Sylius/Sylius/releases/tag/v1.9.10
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24749
reference_id CVE-2022-24749
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24749
6
reference_url https://github.com/advisories/GHSA-4qrp-27r3-66fj
reference_id GHSA-4qrp-27r3-66fj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4qrp-27r3-66fj
7
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-4qrp-27r3-66fj
reference_id GHSA-4qrp-27r3-66fj
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:14Z/
url https://github.com/Sylius/Sylius/security/advisories/GHSA-4qrp-27r3-66fj
fixed_packages
0
url pkg:composer/sylius/sylius@1.9.10
purl pkg:composer/sylius/sylius@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.9.10
1
url pkg:composer/sylius/sylius@1.10.0-alpha.1
purl pkg:composer/sylius/sylius@1.10.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.0-alpha.1
2
url pkg:composer/sylius/sylius@1.10.11
purl pkg:composer/sylius/sylius@1.10.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.10.11
3
url pkg:composer/sylius/sylius@1.11.0-alpha.1
purl pkg:composer/sylius/sylius@1.11.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.0-alpha.1
4
url pkg:composer/sylius/sylius@1.11.2
purl pkg:composer/sylius/sylius@1.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyf-313h-f3ga
1
vulnerability VCID-fcmr-qdzt-jyg8
2
vulnerability VCID-p281-qypt-9bar
3
vulnerability VCID-u2pp-s3q1-suat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.11.2
aliases CVE-2022-24749, GHSA-4qrp-27r3-66fj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqdm-ac3a-xqa1
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/sylius@1.1.13