Lookup for vulnerable packages by Package URL.

Purl pkg:composer/shopware/platform@6.4.1.0
Type composer
Namespace shopware
Name platform
Version 6.4.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.6.10.15
Latest_non_vulnerable_version 6.7.8.1
Affected_by_vulnerabilities
0
url VCID-1qmp-51ee-qqhu
vulnerability_id VCID-1qmp-51ee-qqhu
summary
### Impact
Canceling of orders not related to the logged-in user

### Patches
We recommend updating to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

### Workarounds
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
references
0
reference_url https://github.com/shopware/platform/security/advisories/GHSA-wq3r-jwrq-xg6w
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-wq3r-jwrq-xg6w
1
reference_url https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
2
reference_url https://www.shopware.com/en/download/#shopware-6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.shopware.com/en/download/#shopware-6
3
reference_url https://github.com/advisories/GHSA-wq3r-jwrq-xg6w
reference_id GHSA-wq3r-jwrq-xg6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq3r-jwrq-xg6w
fixed_packages
0
url pkg:composer/shopware/platform@6.4.1.1
purl pkg:composer/shopware/platform@6.4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-9asn-9v27-x3e1
8
vulnerability VCID-9f58-1dw2-uka2
9
vulnerability VCID-d284-ecsh-ebhw
10
vulnerability VCID-dqba-4hk6-eud2
11
vulnerability VCID-f9zv-9awa-qfha
12
vulnerability VCID-g4mm-3wn7-z3dr
13
vulnerability VCID-g55p-1gm9-j7d8
14
vulnerability VCID-ghc6-4er3-vueu
15
vulnerability VCID-h4gh-jepq-2ue8
16
vulnerability VCID-jx2r-jrwf-h3bm
17
vulnerability VCID-mdkz-brfm-4bhw
18
vulnerability VCID-nfjj-zv57-yyd8
19
vulnerability VCID-nhdh-f91b-kuex
20
vulnerability VCID-ntem-vp84-7fgu
21
vulnerability VCID-nzcj-wu6c-pfgw
22
vulnerability VCID-p5f5-9e68-rqdd
23
vulnerability VCID-parp-avvf-v3bu
24
vulnerability VCID-pb4v-pcjv-3kfr
25
vulnerability VCID-q355-4yb3-93cn
26
vulnerability VCID-qhgp-qxed-7qbc
27
vulnerability VCID-radt-bkq9-9ua5
28
vulnerability VCID-rfa4-81mz-qqd9
29
vulnerability VCID-s7y9-5z3z-syec
30
vulnerability VCID-sjfg-863y-c3fp
31
vulnerability VCID-sq4j-drbr-fub6
32
vulnerability VCID-stdp-p5h7-3kg3
33
vulnerability VCID-u41w-g79s-eyez
34
vulnerability VCID-ujfm-g8ne-cqhx
35
vulnerability VCID-vgjj-eqzd-t7a1
36
vulnerability VCID-ykq7-2fy3-b7e1
37
vulnerability VCID-z266-zw44-13et
38
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.1.1
1
url pkg:composer/shopware/platform@6.4.1%2B1
purl pkg:composer/shopware/platform@6.4.1%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.1%252B1
aliases GHSA-wq3r-jwrq-xg6w, GMS-2021-122, GMS-2021-129
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1qmp-51ee-qqhu
1
url VCID-1z5g-envj-nkb5
vulnerability_id VCID-1z5g-envj-nkb5
summary A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7954
reference_id
reference_type
scores
0
value 0.00252
scoring_system epss
scoring_elements 0.48931
published_at 2026-06-12T12:55:00Z
1
value 0.00252
scoring_system epss
scoring_elements 0.48934
published_at 2026-06-14T12:55:00Z
2
value 0.00252
scoring_system epss
scoring_elements 0.48795
published_at 2026-06-11T12:55:00Z
3
value 0.00252
scoring_system epss
scoring_elements 0.48949
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7954
1
reference_url http://seclists.org/fulldisclosure/2025/Aug/17
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2025/Aug/17
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7954
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7954
4
reference_url https://github.com/shopware/shopware/issues/11245
reference_id 11245
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-07T14:38:04Z/
url https://github.com/shopware/shopware/issues/11245
5
reference_url https://github.com/advisories/GHSA-27gv-mg7w-mm34
reference_id GHSA-27gv-mg7w-mm34
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27gv-mg7w-mm34
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10.5
purl pkg:composer/shopware/platform@6.6.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-nhdh-f91b-kuex
3
vulnerability VCID-nzcj-wu6c-pfgw
4
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.5
aliases CVE-2025-7954, GHSA-27gv-mg7w-mm34
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1z5g-envj-nkb5
2
url VCID-43zt-wnjy-rudk
vulnerability_id VCID-43zt-wnjy-rudk
summary Shopware vulnerable to path traversal via Plugin upload
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
2
reference_url https://github.com/advisories/GHSA-6wh5-mw9h-5c3w
reference_id GHSA-6wh5-mw9h-5c3w
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6wh5-mw9h-5c3w
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w
reference_id GHSA-6wh5-mw9h-5c3w
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B7
purl pkg:composer/shopware/platform@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B7
1
url pkg:composer/shopware/platform@6.6.10.7
purl pkg:composer/shopware/platform@6.6.10.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.7
2
url pkg:composer/shopware/platform@6.7.3%2B1
purl pkg:composer/shopware/platform@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3%252B1
3
url pkg:composer/shopware/platform@6.7.3.1
purl pkg:composer/shopware/platform@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-637f-zxjb-8ufn
1
vulnerability VCID-dqba-4hk6-eud2
2
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3.1
aliases GHSA-6wh5-mw9h-5c3w
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43zt-wnjy-rudk
3
url VCID-5b7t-vavj-efae
vulnerability_id VCID-5b7t-vavj-efae
summary Shopware Customer Orders can be canceled, even if refunds are disabled
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/b157508aef2c820e7ff89ebd5848d3019f22b592
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/b157508aef2c820e7ff89ebd5848d3019f22b592
2
reference_url https://github.com/advisories/GHSA-r2vg-hvjm-fg38
reference_id GHSA-r2vg-hvjm-fg38
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r2vg-hvjm-fg38
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-r2vg-hvjm-fg38
reference_id GHSA-r2vg-hvjm-fg38
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-r2vg-hvjm-fg38
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B7
purl pkg:composer/shopware/platform@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B7
1
url pkg:composer/shopware/platform@6.6.10.7
purl pkg:composer/shopware/platform@6.6.10.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.7
2
url pkg:composer/shopware/platform@6.7.3%2B1
purl pkg:composer/shopware/platform@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3%252B1
3
url pkg:composer/shopware/platform@6.7.3.1
purl pkg:composer/shopware/platform@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-637f-zxjb-8ufn
1
vulnerability VCID-dqba-4hk6-eud2
2
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3.1
aliases GHSA-r2vg-hvjm-fg38
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5b7t-vavj-efae
4
url VCID-5yxh-sqdk-37dy
vulnerability_id VCID-5yxh-sqdk-37dy
summary Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions it was possible to put the same line item multiple times in the cart using the API. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in sales. This problem has been fixed with version 6.4.18.1. Users on major versions 6.1, 6.2, and 6.3 may also obtain this fix via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22730
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53562
published_at 2026-06-11T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53689
published_at 2026-06-14T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53687
published_at 2026-06-12T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53703
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22730
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22730
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22730
3
reference_url https://github.com/shopware/platform/commit/4fce12096e54b2033832d9104fa2e68888c2b4e9
reference_id 4fce12096e54b2033832d9104fa2e68888c2b4e9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:33Z/
url https://github.com/shopware/platform/commit/4fce12096e54b2033832d9104fa2e68888c2b4e9
4
reference_url https://github.com/advisories/GHSA-8r6h-m72v-38fg
reference_id GHSA-8r6h-m72v-38fg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8r6h-m72v-38fg
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-8r6h-m72v-38fg
reference_id GHSA-8r6h-m72v-38fg
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:33Z/
url https://github.com/shopware/platform/security/advisories/GHSA-8r6h-m72v-38fg
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:33Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/platform@6.4.18%2B1
purl pkg:composer/shopware/platform@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18%252B1
1
url pkg:composer/shopware/platform@6.4.18.1
purl pkg:composer/shopware/platform@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18.1
aliases CVE-2023-22730, GHSA-8r6h-m72v-38fg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yxh-sqdk-37dy
5
url VCID-637f-zxjb-8ufn
vulnerability_id VCID-637f-zxjb-8ufn
summary Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The "not found" response also echoes the probed email address. This allows an unauthenticated attacker to enumerate valid customer accounts. The storefront login controller correctly unifies both error paths, but the Store API does not — indicating an inconsistent defense. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31888
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17474
published_at 2026-06-11T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17628
published_at 2026-06-14T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17654
published_at 2026-06-13T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17636
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31888
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31888
reference_id CVE-2026-31888
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31888
3
reference_url https://github.com/advisories/GHSA-gqc5-xv7m-gcjq
reference_id GHSA-gqc5-xv7m-gcjq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqc5-xv7m-gcjq
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq
reference_id GHSA-gqc5-xv7m-gcjq
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:39Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B14
purl pkg:composer/shopware/platform@6.6.10%2B14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B14
1
url pkg:composer/shopware/platform@6.6.10.14
purl pkg:composer/shopware/platform@6.6.10.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqba-4hk6-eud2
1
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.14
2
url pkg:composer/shopware/platform@6.7.8%2B1
purl pkg:composer/shopware/platform@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8%252B1
3
url pkg:composer/shopware/platform@6.7.8.1
purl pkg:composer/shopware/platform@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8.1
aliases CVE-2026-31888, GHSA-gqc5-xv7m-gcjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-637f-zxjb-8ufn
6
url VCID-6tys-6s4d-fqcm
vulnerability_id VCID-6tys-6s4d-fqcm
summary
Shopware Broken ACL on Document retrieval to access other customers' documents
### Impact
It's possible to guess the deepLinkCode of a Document to open documents of other customers

### Patches
Update to Shopware 6.6.10.3 or 6.5.8.17

### Workarounds
For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q
5
reference_url https://github.com/advisories/GHSA-68wv-g3fw-pq7q
reference_id GHSA-68wv-g3fw-pq7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68wv-g3fw-pq7q
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B17
purl pkg:composer/shopware/platform@6.5.8%2B17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-stdp-p5h7-3kg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B17
1
url pkg:composer/shopware/platform@6.5.8.2
purl pkg:composer/shopware/platform@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9rhv-j6u2-3qg6
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-s7y9-5z3z-syec
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.2
2
url pkg:composer/shopware/platform@6.6.10%2B3
purl pkg:composer/shopware/platform@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B3
3
url pkg:composer/shopware/platform@6.6.10.3
purl pkg:composer/shopware/platform@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.3
4
url pkg:composer/shopware/platform@6.7.0%2B0-rc2
purl pkg:composer/shopware/platform@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0%252B0-rc2
5
url pkg:composer/shopware/platform@6.7.0.0-rc2
purl pkg:composer/shopware/platform@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-nhdh-f91b-kuex
5
vulnerability VCID-nzcj-wu6c-pfgw
6
vulnerability VCID-sjfg-863y-c3fp
7
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0.0-rc2
aliases GHSA-68wv-g3fw-pq7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tys-6s4d-fqcm
7
url VCID-845f-5kns-bqcb
vulnerability_id VCID-845f-5kns-bqcb
summary Shopware is an open source commerce platform based on Symfony Framework and Vue.js. The Administration session expiration was set to one week. When an attacker has stolen the session cookie, they could use it for a long period of time. In version 6.4.18.1 an automatic logout has been added to the Administration session. As a result the user will be logged out when they are inactive. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22732
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61686
published_at 2026-06-13T12:55:00Z
1
value 0.00407
scoring_system epss
scoring_elements 0.61682
published_at 2026-06-14T12:55:00Z
2
value 0.00407
scoring_system epss
scoring_elements 0.61576
published_at 2026-06-11T12:55:00Z
3
value 0.00407
scoring_system epss
scoring_elements 0.61678
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22732
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22732
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22732
3
reference_url https://github.com/shopware/platform/commit/cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6
reference_id cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/
url https://github.com/shopware/platform/commit/cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6
4
reference_url https://github.com/advisories/GHSA-59qg-93jg-236f
reference_id GHSA-59qg-93jg-236f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59qg-93jg-236f
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-59qg-93jg-236f
reference_id GHSA-59qg-93jg-236f
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/
url https://github.com/shopware/platform/security/advisories/GHSA-59qg-93jg-236f
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/platform@6.4.18%2B1
purl pkg:composer/shopware/platform@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18%252B1
1
url pkg:composer/shopware/platform@6.4.18.1
purl pkg:composer/shopware/platform@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18.1
aliases CVE-2023-22732, GHSA-59qg-93jg-236f
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-845f-5kns-bqcb
8
url VCID-9asn-9v27-x3e1
vulnerability_id VCID-9asn-9v27-x3e1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37710
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55486
published_at 2026-06-11T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.55607
published_at 2026-06-12T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55621
published_at 2026-06-13T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55609
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37710
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/commit/abe9f69e1f667800f974acccd3047b4930e4b423
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/abe9f69e1f667800f974acccd3047b4930e4b423
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-fc38-mxwr-pfhx
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-fc38-mxwr-pfhx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37710
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37710
5
reference_url https://github.com/advisories/GHSA-fc38-mxwr-pfhx
reference_id GHSA-fc38-mxwr-pfhx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fc38-mxwr-pfhx
fixed_packages
0
url pkg:composer/shopware/platform@6.4.3%2B1
purl pkg:composer/shopware/platform@6.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.3%252B1
aliases CVE-2021-37710, GHSA-fc38-mxwr-pfhx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9asn-9v27-x3e1
9
url VCID-9f58-1dw2-uka2
vulnerability_id VCID-9f58-1dw2-uka2
summary Improper Access Control in Shopware
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24872
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40754
published_at 2026-06-12T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40777
published_at 2026-06-13T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40586
published_at 2026-06-11T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40764
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24872
1
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022
2
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
3
reference_url https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24872
reference_id CVE-2022-24872
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24872
5
reference_url https://github.com/advisories/GHSA-9wrv-g75h-8ccc
reference_id GHSA-9wrv-g75h-8ccc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9wrv-g75h-8ccc
6
reference_url https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc
reference_id GHSA-9wrv-g75h-8ccc
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc
fixed_packages
0
url pkg:composer/shopware/platform@6.4.10.1
purl pkg:composer/shopware/platform@6.4.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-d284-ecsh-ebhw
8
vulnerability VCID-dqba-4hk6-eud2
9
vulnerability VCID-g4mm-3wn7-z3dr
10
vulnerability VCID-h4gh-jepq-2ue8
11
vulnerability VCID-nhdh-f91b-kuex
12
vulnerability VCID-nzcj-wu6c-pfgw
13
vulnerability VCID-p5f5-9e68-rqdd
14
vulnerability VCID-parp-avvf-v3bu
15
vulnerability VCID-qhgp-qxed-7qbc
16
vulnerability VCID-radt-bkq9-9ua5
17
vulnerability VCID-rfa4-81mz-qqd9
18
vulnerability VCID-s7y9-5z3z-syec
19
vulnerability VCID-sjfg-863y-c3fp
20
vulnerability VCID-sq4j-drbr-fub6
21
vulnerability VCID-stdp-p5h7-3kg3
22
vulnerability VCID-u41w-g79s-eyez
23
vulnerability VCID-ujfm-g8ne-cqhx
24
vulnerability VCID-ykq7-2fy3-b7e1
25
vulnerability VCID-z266-zw44-13et
26
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.10.1
1
url pkg:composer/shopware/platform@6.4.10%2B1
purl pkg:composer/shopware/platform@6.4.10%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.10%252B1
aliases CVE-2022-24872, GHSA-9wrv-g75h-8ccc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9f58-1dw2-uka2
10
url VCID-d284-ecsh-ebhw
vulnerability_id VCID-d284-ecsh-ebhw
summary Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22407
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28835
published_at 2026-06-12T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.28848
published_at 2026-06-14T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.28859
published_at 2026-06-13T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.28635
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22407
1
reference_url https://github.com/shopware/core/commit/78142489264f9262eaaa436ba036df40026a06be
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/core/commit/78142489264f9262eaaa436ba036df40026a06be
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://github.com/shopware/shopware/commit/fb25e24ca51650009ffa2520f1e67b48b911354a
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/fb25e24ca51650009ffa2520f1e67b48b911354a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22407
reference_id CVE-2024-22407
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22407
5
reference_url https://github.com/advisories/GHSA-3867-jc5c-66qf
reference_id GHSA-3867-jc5c-66qf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3867-jc5c-66qf
6
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf
reference_id GHSA-3867-jc5c-66qf
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T16:09:33Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf
fixed_packages
0
url pkg:composer/shopware/platform@6.5.7%2B4
purl pkg:composer/shopware/platform@6.5.7%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.7%252B4
1
url pkg:composer/shopware/platform@6.5.7.4
purl pkg:composer/shopware/platform@6.5.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-h4gh-jepq-2ue8
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-parp-avvf-v3bu
10
vulnerability VCID-qhgp-qxed-7qbc
11
vulnerability VCID-rfa4-81mz-qqd9
12
vulnerability VCID-s7y9-5z3z-syec
13
vulnerability VCID-sjfg-863y-c3fp
14
vulnerability VCID-sq4j-drbr-fub6
15
vulnerability VCID-stdp-p5h7-3kg3
16
vulnerability VCID-u41w-g79s-eyez
17
vulnerability VCID-ykq7-2fy3-b7e1
18
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.7.4
aliases CVE-2024-22407, GHSA-3867-jc5c-66qf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d284-ecsh-ebhw
11
url VCID-dqba-4hk6-eud2
vulnerability_id VCID-dqba-4hk6-eud2
summary Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based authentication without sufficiently binding a shop installation to its original domain. During re‑registration, the shop-url could be updated without proving control over the previously registered shop or domain. This made targeted hijacking of app communication feasible if an attacker possessed the relevant app‑side secret. By abusing app re‑registration, an attacker could redirect app traffic to an attacker‑controlled domain and potentially obtain API credentials intended for the legitimate shop. This vulnerability is fixed in 6.6.10.15 and 6.7.8.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31889
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26177
published_at 2026-06-11T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26375
published_at 2026-06-14T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.2639
published_at 2026-06-13T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.26378
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31889
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31889
reference_id CVE-2026-31889
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31889
3
reference_url https://github.com/advisories/GHSA-c4p7-rwrg-pf6p
reference_id GHSA-c4p7-rwrg-pf6p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4p7-rwrg-pf6p
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p
reference_id GHSA-c4p7-rwrg-pf6p
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:04:03Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B15
purl pkg:composer/shopware/platform@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B15
1
url pkg:composer/shopware/platform@6.6.10.15
purl pkg:composer/shopware/platform@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.15
2
url pkg:composer/shopware/platform@6.7.8%2B1
purl pkg:composer/shopware/platform@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8%252B1
3
url pkg:composer/shopware/platform@6.7.8.1
purl pkg:composer/shopware/platform@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8.1
aliases CVE-2026-31889, GHSA-c4p7-rwrg-pf6p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqba-4hk6-eud2
12
url VCID-f9zv-9awa-qfha
vulnerability_id VCID-f9zv-9awa-qfha
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37709
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44465
published_at 2026-06-11T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44619
published_at 2026-06-12T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44635
published_at 2026-06-13T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44622
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37709
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37709
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37709
5
reference_url https://github.com/advisories/GHSA-54gp-qff8-946c
reference_id GHSA-54gp-qff8-946c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54gp-qff8-946c
fixed_packages
0
url pkg:composer/shopware/platform@6.4.3%2B1
purl pkg:composer/shopware/platform@6.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.3%252B1
aliases CVE-2021-37709, GHSA-54gp-qff8-946c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9zv-9awa-qfha
13
url VCID-g4mm-3wn7-z3dr
vulnerability_id VCID-g4mm-3wn7-z3dr
summary Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as an array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2017
reference_id
reference_type
scores
0
value 0.02271
scoring_system epss
scoring_elements 0.85005
published_at 2026-06-11T12:55:00Z
1
value 0.02424
scoring_system epss
scoring_elements 0.85519
published_at 2026-06-14T12:55:00Z
2
value 0.02424
scoring_system epss
scoring_elements 0.85527
published_at 2026-06-13T12:55:00Z
3
value 0.02424
scoring_system epss
scoring_elements 0.85517
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2017
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/releases/tag/v6.4.20.1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/releases/tag/v6.4.20.1
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-7v2v-9rm4-7m8f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-7v2v-9rm4-7m8f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2017
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2017
5
reference_url https://starlabs.sg/advisories/23/23-2017
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://starlabs.sg/advisories/23/23-2017
6
reference_url https://starlabs.sg/advisories/23/23-2017/
reference_id 23-2017
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/
url https://starlabs.sg/advisories/23/23-2017/
7
reference_url https://github.com/advisories/GHSA-7v2v-9rm4-7m8f
reference_id GHSA-7v2v-9rm4-7m8f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7v2v-9rm4-7m8f
8
reference_url https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f
reference_id GHSA-7v2v-9rm4-7m8f
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/
url https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f
9
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023
reference_id security-update-04-2023
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023
fixed_packages
0
url pkg:composer/shopware/platform@6.4.20%2B1
purl pkg:composer/shopware/platform@6.4.20%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.20%252B1
1
url pkg:composer/shopware/platform@6.4.20.1
purl pkg:composer/shopware/platform@6.4.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-h4gh-jepq-2ue8
8
vulnerability VCID-nhdh-f91b-kuex
9
vulnerability VCID-nzcj-wu6c-pfgw
10
vulnerability VCID-parp-avvf-v3bu
11
vulnerability VCID-qhgp-qxed-7qbc
12
vulnerability VCID-rfa4-81mz-qqd9
13
vulnerability VCID-s7y9-5z3z-syec
14
vulnerability VCID-sjfg-863y-c3fp
15
vulnerability VCID-sq4j-drbr-fub6
16
vulnerability VCID-stdp-p5h7-3kg3
17
vulnerability VCID-u41w-g79s-eyez
18
vulnerability VCID-ujfm-g8ne-cqhx
19
vulnerability VCID-ykq7-2fy3-b7e1
20
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.20.1
aliases CVE-2023-2017, GHSA-7v2v-9rm4-7m8f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4mm-3wn7-z3dr
14
url VCID-g55p-1gm9-j7d8
vulnerability_id VCID-g55p-1gm9-j7d8
summary Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. Affected versions of Shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24747
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56081
published_at 2026-06-11T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56205
published_at 2026-06-14T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.56216
published_at 2026-06-13T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.56201
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24747
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24747
reference_id CVE-2022-24747
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24747
3
reference_url https://github.com/shopware/platform/commit/d51863148f32306aafdbc7f9f48887c69fce206f
reference_id d51863148f32306aafdbc7f9f48887c69fce206f
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:22Z/
url https://github.com/shopware/platform/commit/d51863148f32306aafdbc7f9f48887c69fce206f
4
reference_url https://github.com/advisories/GHSA-6wrh-279j-6hvw
reference_id GHSA-6wrh-279j-6hvw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6wrh-279j-6hvw
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-6wrh-279j-6hvw
reference_id GHSA-6wrh-279j-6hvw
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:22Z/
url https://github.com/shopware/platform/security/advisories/GHSA-6wrh-279j-6hvw
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022
reference_id security-update-03-2022
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:22Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022
fixed_packages
0
url pkg:composer/shopware/platform@6.4.8.2
purl pkg:composer/shopware/platform@6.4.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-9f58-1dw2-uka2
8
vulnerability VCID-d284-ecsh-ebhw
9
vulnerability VCID-dqba-4hk6-eud2
10
vulnerability VCID-g4mm-3wn7-z3dr
11
vulnerability VCID-h4gh-jepq-2ue8
12
vulnerability VCID-jx2r-jrwf-h3bm
13
vulnerability VCID-nhdh-f91b-kuex
14
vulnerability VCID-nzcj-wu6c-pfgw
15
vulnerability VCID-p5f5-9e68-rqdd
16
vulnerability VCID-parp-avvf-v3bu
17
vulnerability VCID-qhgp-qxed-7qbc
18
vulnerability VCID-radt-bkq9-9ua5
19
vulnerability VCID-rfa4-81mz-qqd9
20
vulnerability VCID-s7y9-5z3z-syec
21
vulnerability VCID-sjfg-863y-c3fp
22
vulnerability VCID-sq4j-drbr-fub6
23
vulnerability VCID-stdp-p5h7-3kg3
24
vulnerability VCID-u41w-g79s-eyez
25
vulnerability VCID-ujfm-g8ne-cqhx
26
vulnerability VCID-ykq7-2fy3-b7e1
27
vulnerability VCID-z266-zw44-13et
28
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.8.2
1
url pkg:composer/shopware/platform@6.4.8%2B2
purl pkg:composer/shopware/platform@6.4.8%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.8%252B2
aliases CVE-2022-24747, GHSA-6wrh-279j-6hvw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g55p-1gm9-j7d8
15
url VCID-ghc6-4er3-vueu
vulnerability_id VCID-ghc6-4er3-vueu
summary Webcache Poisoning in shopware/platform and shopware/core
references
0
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
1
reference_url https://github.com/shopware/platform/commit/9062f15450d183f2c666664841efd4f5ef25e0f3
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/9062f15450d183f2c666664841efd4f5ef25e0f3
2
reference_url https://github.com/advisories/GHSA-r64m-qchj-hrjp
reference_id GHSA-r64m-qchj-hrjp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r64m-qchj-hrjp
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-r64m-qchj-hrjp
reference_id GHSA-r64m-qchj-hrjp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-r64m-qchj-hrjp
fixed_packages
0
url pkg:composer/shopware/platform@6.4.6%2B1
purl pkg:composer/shopware/platform@6.4.6%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.6%252B1
1
url pkg:composer/shopware/platform@6.4.6.1
purl pkg:composer/shopware/platform@6.4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-9f58-1dw2-uka2
8
vulnerability VCID-d284-ecsh-ebhw
9
vulnerability VCID-dqba-4hk6-eud2
10
vulnerability VCID-g4mm-3wn7-z3dr
11
vulnerability VCID-g55p-1gm9-j7d8
12
vulnerability VCID-h4gh-jepq-2ue8
13
vulnerability VCID-jx2r-jrwf-h3bm
14
vulnerability VCID-mdkz-brfm-4bhw
15
vulnerability VCID-nfjj-zv57-yyd8
16
vulnerability VCID-nhdh-f91b-kuex
17
vulnerability VCID-ntem-vp84-7fgu
18
vulnerability VCID-nzcj-wu6c-pfgw
19
vulnerability VCID-p5f5-9e68-rqdd
20
vulnerability VCID-parp-avvf-v3bu
21
vulnerability VCID-qhgp-qxed-7qbc
22
vulnerability VCID-radt-bkq9-9ua5
23
vulnerability VCID-rfa4-81mz-qqd9
24
vulnerability VCID-s7y9-5z3z-syec
25
vulnerability VCID-sjfg-863y-c3fp
26
vulnerability VCID-sq4j-drbr-fub6
27
vulnerability VCID-stdp-p5h7-3kg3
28
vulnerability VCID-u41w-g79s-eyez
29
vulnerability VCID-ujfm-g8ne-cqhx
30
vulnerability VCID-ykq7-2fy3-b7e1
31
vulnerability VCID-z266-zw44-13et
32
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.6.1
aliases GHSA-r64m-qchj-hrjp, GMS-2021-121, GMS-2021-128
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghc6-4er3-vueu
16
url VCID-h4gh-jepq-2ue8
vulnerability_id VCID-h4gh-jepq-2ue8
summary Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable to SQL injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42357
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.74858
published_at 2026-06-12T12:55:00Z
1
value 0.00817
scoring_system epss
scoring_elements 0.74868
published_at 2026-06-14T12:55:00Z
2
value 0.00817
scoring_system epss
scoring_elements 0.74872
published_at 2026-06-13T12:55:00Z
3
value 0.00817
scoring_system epss
scoring_elements 0.74787
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42357
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b
reference_id 57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b
3
reference_url https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9
reference_id 63c05615694790f5790a04ef889f42b764fa53c9
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9
4
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id 8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
5
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42357
reference_id CVE-2024-42357
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42357
7
reference_url https://github.com/advisories/GHSA-p6w9-r443-r752
reference_id GHSA-p6w9-r443-r752
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p6w9-r443-r752
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752
reference_id GHSA-p6w9-r443-r752
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B13
purl pkg:composer/shopware/platform@6.5.8%2B13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B13
1
url pkg:composer/shopware/platform@6.5.8.2
purl pkg:composer/shopware/platform@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9rhv-j6u2-3qg6
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-s7y9-5z3z-syec
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.2
2
url pkg:composer/shopware/platform@6.6.5%2B1
purl pkg:composer/shopware/platform@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.5%252B1
aliases CVE-2024-42357, GHSA-p6w9-r443-r752
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4gh-jepq-2ue8
17
url VCID-jx2r-jrwf-h3bm
vulnerability_id VCID-jx2r-jrwf-h3bm
summary Server-Side Request Forgery (SSRF) in Shopware
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24871
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57842
published_at 2026-06-14T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57835
published_at 2026-06-12T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57721
published_at 2026-06-11T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57852
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24871
1
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022
2
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
3
reference_url https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24871
reference_id CVE-2022-24871
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24871
5
reference_url https://github.com/advisories/GHSA-7gm7-8q8v-9gf2
reference_id GHSA-7gm7-8q8v-9gf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gm7-8q8v-9gf2
6
reference_url https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2
reference_id GHSA-7gm7-8q8v-9gf2
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2
fixed_packages
0
url pkg:composer/shopware/platform@6.4.10.1
purl pkg:composer/shopware/platform@6.4.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-d284-ecsh-ebhw
8
vulnerability VCID-dqba-4hk6-eud2
9
vulnerability VCID-g4mm-3wn7-z3dr
10
vulnerability VCID-h4gh-jepq-2ue8
11
vulnerability VCID-nhdh-f91b-kuex
12
vulnerability VCID-nzcj-wu6c-pfgw
13
vulnerability VCID-p5f5-9e68-rqdd
14
vulnerability VCID-parp-avvf-v3bu
15
vulnerability VCID-qhgp-qxed-7qbc
16
vulnerability VCID-radt-bkq9-9ua5
17
vulnerability VCID-rfa4-81mz-qqd9
18
vulnerability VCID-s7y9-5z3z-syec
19
vulnerability VCID-sjfg-863y-c3fp
20
vulnerability VCID-sq4j-drbr-fub6
21
vulnerability VCID-stdp-p5h7-3kg3
22
vulnerability VCID-u41w-g79s-eyez
23
vulnerability VCID-ujfm-g8ne-cqhx
24
vulnerability VCID-ykq7-2fy3-b7e1
25
vulnerability VCID-z266-zw44-13et
26
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.10.1
1
url pkg:composer/shopware/platform@6.4.10%2B1
purl pkg:composer/shopware/platform@6.4.10%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.10%252B1
aliases CVE-2022-24871, GHSA-7gm7-8q8v-9gf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jx2r-jrwf-h3bm
18
url VCID-kvrn-vhfe-q7a1
vulnerability_id VCID-kvrn-vhfe-q7a1
summary
### Impact
Non-admin users can create an integration role with the administrator role.

### Patches
We recommend updating to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

### Workarounds
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659
references
0
reference_url https://github.com/shopware/platform/security/advisories/GHSA-243q-g9j3-qf6r
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-243q-g9j3-qf6r
1
reference_url https://github.com/advisories/GHSA-243q-g9j3-qf6r
reference_id GHSA-243q-g9j3-qf6r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-243q-g9j3-qf6r
fixed_packages
0
url pkg:composer/shopware/platform@6.4.1.1
purl pkg:composer/shopware/platform@6.4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-9asn-9v27-x3e1
8
vulnerability VCID-9f58-1dw2-uka2
9
vulnerability VCID-d284-ecsh-ebhw
10
vulnerability VCID-dqba-4hk6-eud2
11
vulnerability VCID-f9zv-9awa-qfha
12
vulnerability VCID-g4mm-3wn7-z3dr
13
vulnerability VCID-g55p-1gm9-j7d8
14
vulnerability VCID-ghc6-4er3-vueu
15
vulnerability VCID-h4gh-jepq-2ue8
16
vulnerability VCID-jx2r-jrwf-h3bm
17
vulnerability VCID-mdkz-brfm-4bhw
18
vulnerability VCID-nfjj-zv57-yyd8
19
vulnerability VCID-nhdh-f91b-kuex
20
vulnerability VCID-ntem-vp84-7fgu
21
vulnerability VCID-nzcj-wu6c-pfgw
22
vulnerability VCID-p5f5-9e68-rqdd
23
vulnerability VCID-parp-avvf-v3bu
24
vulnerability VCID-pb4v-pcjv-3kfr
25
vulnerability VCID-q355-4yb3-93cn
26
vulnerability VCID-qhgp-qxed-7qbc
27
vulnerability VCID-radt-bkq9-9ua5
28
vulnerability VCID-rfa4-81mz-qqd9
29
vulnerability VCID-s7y9-5z3z-syec
30
vulnerability VCID-sjfg-863y-c3fp
31
vulnerability VCID-sq4j-drbr-fub6
32
vulnerability VCID-stdp-p5h7-3kg3
33
vulnerability VCID-u41w-g79s-eyez
34
vulnerability VCID-ujfm-g8ne-cqhx
35
vulnerability VCID-vgjj-eqzd-t7a1
36
vulnerability VCID-ykq7-2fy3-b7e1
37
vulnerability VCID-z266-zw44-13et
38
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.1.1
1
url pkg:composer/shopware/platform@6.4.1%2B1
purl pkg:composer/shopware/platform@6.4.1%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.1%252B1
aliases GHSA-243q-g9j3-qf6r, GMS-2021-118, GMS-2021-123
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvrn-vhfe-q7a1
19
url VCID-mdkz-brfm-4bhw
vulnerability_id VCID-mdkz-brfm-4bhw
summary Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions, it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24746
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.61101
published_at 2026-06-12T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.61108
published_at 2026-06-14T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60995
published_at 2026-06-11T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.6111
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24746
1
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates
2
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
3
reference_url https://github.com/shopware/platform/commit/651598a61073cbe59368e311817bdc6e7fb349c6
reference_id 651598a61073cbe59368e311817bdc6e7fb349c6
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:19Z/
url https://github.com/shopware/platform/commit/651598a61073cbe59368e311817bdc6e7fb349c6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24746
reference_id CVE-2022-24746
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24746
5
reference_url https://github.com/advisories/GHSA-952p-fqcp-g8pc
reference_id GHSA-952p-fqcp-g8pc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-952p-fqcp-g8pc
6
reference_url https://github.com/shopware/platform/security/advisories/GHSA-952p-fqcp-g8pc
reference_id GHSA-952p-fqcp-g8pc
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:19Z/
url https://github.com/shopware/platform/security/advisories/GHSA-952p-fqcp-g8pc
7
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022
reference_id security-update-02-2022
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:19Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022
fixed_packages
0
url pkg:composer/shopware/platform@6.4.8.1
purl pkg:composer/shopware/platform@6.4.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-9f58-1dw2-uka2
8
vulnerability VCID-d284-ecsh-ebhw
9
vulnerability VCID-dqba-4hk6-eud2
10
vulnerability VCID-g4mm-3wn7-z3dr
11
vulnerability VCID-g55p-1gm9-j7d8
12
vulnerability VCID-h4gh-jepq-2ue8
13
vulnerability VCID-jx2r-jrwf-h3bm
14
vulnerability VCID-nhdh-f91b-kuex
15
vulnerability VCID-ntem-vp84-7fgu
16
vulnerability VCID-nzcj-wu6c-pfgw
17
vulnerability VCID-p5f5-9e68-rqdd
18
vulnerability VCID-parp-avvf-v3bu
19
vulnerability VCID-qhgp-qxed-7qbc
20
vulnerability VCID-radt-bkq9-9ua5
21
vulnerability VCID-rfa4-81mz-qqd9
22
vulnerability VCID-s7y9-5z3z-syec
23
vulnerability VCID-sjfg-863y-c3fp
24
vulnerability VCID-sq4j-drbr-fub6
25
vulnerability VCID-stdp-p5h7-3kg3
26
vulnerability VCID-u41w-g79s-eyez
27
vulnerability VCID-ujfm-g8ne-cqhx
28
vulnerability VCID-ykq7-2fy3-b7e1
29
vulnerability VCID-z266-zw44-13et
30
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.8.1
1
url pkg:composer/shopware/platform@6.4.8%2B1
purl pkg:composer/shopware/platform@6.4.8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g55p-1gm9-j7d8
1
vulnerability VCID-ntem-vp84-7fgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.8%252B1
aliases CVE-2022-24746, GHSA-952p-fqcp-g8pc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdkz-brfm-4bhw
20
url VCID-nfjj-zv57-yyd8
vulnerability_id VCID-nfjj-zv57-yyd8
summary Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions, user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24744
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36811
published_at 2026-06-14T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36822
published_at 2026-06-13T12:55:00Z
2
value 0.00159
scoring_system epss
scoring_elements 0.36618
published_at 2026-06-11T12:55:00Z
3
value 0.00159
scoring_system epss
scoring_elements 0.36797
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24744
1
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2022?category=security-updates
2
reference_url https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/core/commit/324cd1b57db58481df1b1d0030ffc307e2d9fe64
3
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
4
reference_url https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/47b4b094c13f62db860be2f431138bb45c0bd0b6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24744
reference_id CVE-2022-24744
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24744
6
reference_url https://github.com/advisories/GHSA-w267-m9c4-8555
reference_id GHSA-w267-m9c4-8555
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w267-m9c4-8555
7
reference_url https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555
reference_id GHSA-w267-m9c4-8555
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:14Z/
url https://github.com/shopware/platform/security/advisories/GHSA-w267-m9c4-8555
fixed_packages
0
url pkg:composer/shopware/platform@6.4.8.1
purl pkg:composer/shopware/platform@6.4.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-9f58-1dw2-uka2
8
vulnerability VCID-d284-ecsh-ebhw
9
vulnerability VCID-dqba-4hk6-eud2
10
vulnerability VCID-g4mm-3wn7-z3dr
11
vulnerability VCID-g55p-1gm9-j7d8
12
vulnerability VCID-h4gh-jepq-2ue8
13
vulnerability VCID-jx2r-jrwf-h3bm
14
vulnerability VCID-nhdh-f91b-kuex
15
vulnerability VCID-ntem-vp84-7fgu
16
vulnerability VCID-nzcj-wu6c-pfgw
17
vulnerability VCID-p5f5-9e68-rqdd
18
vulnerability VCID-parp-avvf-v3bu
19
vulnerability VCID-qhgp-qxed-7qbc
20
vulnerability VCID-radt-bkq9-9ua5
21
vulnerability VCID-rfa4-81mz-qqd9
22
vulnerability VCID-s7y9-5z3z-syec
23
vulnerability VCID-sjfg-863y-c3fp
24
vulnerability VCID-sq4j-drbr-fub6
25
vulnerability VCID-stdp-p5h7-3kg3
26
vulnerability VCID-u41w-g79s-eyez
27
vulnerability VCID-ujfm-g8ne-cqhx
28
vulnerability VCID-ykq7-2fy3-b7e1
29
vulnerability VCID-z266-zw44-13et
30
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.8.1
1
url pkg:composer/shopware/platform@6.4.8%2B1
purl pkg:composer/shopware/platform@6.4.8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g55p-1gm9-j7d8
1
vulnerability VCID-ntem-vp84-7fgu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.8%252B1
aliases CVE-2022-24744, GHSA-w267-m9c4-8555
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfjj-zv57-yyd8
21
url VCID-nhdh-f91b-kuex
vulnerability_id VCID-nhdh-f91b-kuex
summary Shopware exposes sensitive user information via CSV export mapping
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083
2
reference_url https://github.com/advisories/GHSA-27c9-vp3w-6ww8
reference_id GHSA-27c9-vp3w-6ww8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27c9-vp3w-6ww8
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8
reference_id GHSA-27c9-vp3w-6ww8
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B7
purl pkg:composer/shopware/platform@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B7
1
url pkg:composer/shopware/platform@6.6.10.7
purl pkg:composer/shopware/platform@6.6.10.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.7
2
url pkg:composer/shopware/platform@6.7.3%2B1
purl pkg:composer/shopware/platform@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3%252B1
3
url pkg:composer/shopware/platform@6.7.3.1
purl pkg:composer/shopware/platform@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-637f-zxjb-8ufn
1
vulnerability VCID-dqba-4hk6-eud2
2
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3.1
aliases GHSA-27c9-vp3w-6ww8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhdh-f91b-kuex
22
url VCID-ntem-vp84-7fgu
vulnerability_id VCID-ntem-vp84-7fgu
summary Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions, guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24745
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40299
published_at 2026-06-11T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40478
published_at 2026-06-14T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40489
published_at 2026-06-13T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40467
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24745
1
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022?_ga=2.159980029.1931762803.1646933116-1088482757.1646933116
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022?_ga=2.159980029.1931762803.1646933116-1088482757.1646933116
2
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24745
reference_id CVE-2022-24745
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24745
4
reference_url https://github.com/advisories/GHSA-jp6h-mxhx-pgqh
reference_id GHSA-jp6h-mxhx-pgqh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp6h-mxhx-pgqh
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-jp6h-mxhx-pgqh
reference_id GHSA-jp6h-mxhx-pgqh
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:09:17Z/
url https://github.com/shopware/platform/security/advisories/GHSA-jp6h-mxhx-pgqh
fixed_packages
0
url pkg:composer/shopware/platform@6.4.8.2
purl pkg:composer/shopware/platform@6.4.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-5yxh-sqdk-37dy
4
vulnerability VCID-637f-zxjb-8ufn
5
vulnerability VCID-6tys-6s4d-fqcm
6
vulnerability VCID-845f-5kns-bqcb
7
vulnerability VCID-9f58-1dw2-uka2
8
vulnerability VCID-d284-ecsh-ebhw
9
vulnerability VCID-dqba-4hk6-eud2
10
vulnerability VCID-g4mm-3wn7-z3dr
11
vulnerability VCID-h4gh-jepq-2ue8
12
vulnerability VCID-jx2r-jrwf-h3bm
13
vulnerability VCID-nhdh-f91b-kuex
14
vulnerability VCID-nzcj-wu6c-pfgw
15
vulnerability VCID-p5f5-9e68-rqdd
16
vulnerability VCID-parp-avvf-v3bu
17
vulnerability VCID-qhgp-qxed-7qbc
18
vulnerability VCID-radt-bkq9-9ua5
19
vulnerability VCID-rfa4-81mz-qqd9
20
vulnerability VCID-s7y9-5z3z-syec
21
vulnerability VCID-sjfg-863y-c3fp
22
vulnerability VCID-sq4j-drbr-fub6
23
vulnerability VCID-stdp-p5h7-3kg3
24
vulnerability VCID-u41w-g79s-eyez
25
vulnerability VCID-ujfm-g8ne-cqhx
26
vulnerability VCID-ykq7-2fy3-b7e1
27
vulnerability VCID-z266-zw44-13et
28
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.8.2
1
url pkg:composer/shopware/platform@6.4.8%2B2
purl pkg:composer/shopware/platform@6.4.8%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.8%252B2
aliases CVE-2022-24745, GHSA-jp6h-mxhx-pgqh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntem-vp84-7fgu
23
url VCID-nzcj-wu6c-pfgw
vulnerability_id VCID-nzcj-wu6c-pfgw
summary Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4
2
reference_url https://github.com/advisories/GHSA-3cpp-fv95-mpr5
reference_id GHSA-3cpp-fv95-mpr5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cpp-fv95-mpr5
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5
reference_id GHSA-3cpp-fv95-mpr5
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B7
purl pkg:composer/shopware/platform@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B7
1
url pkg:composer/shopware/platform@6.6.10.7
purl pkg:composer/shopware/platform@6.6.10.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.7
2
url pkg:composer/shopware/platform@6.7.3%2B1
purl pkg:composer/shopware/platform@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3%252B1
3
url pkg:composer/shopware/platform@6.7.3.1
purl pkg:composer/shopware/platform@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-637f-zxjb-8ufn
1
vulnerability VCID-dqba-4hk6-eud2
2
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3.1
aliases GHSA-3cpp-fv95-mpr5
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcj-wu6c-pfgw
24
url VCID-p5f5-9e68-rqdd
vulnerability_id VCID-p5f5-9e68-rqdd
summary Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt-in process. As a result, operators may have inconsistencies in their newsletter systems. This problem has been fixed with version 6.4.18.1. Users are advised to upgrade. Users unable to upgrade may find security measures are available via a plugin for major versions 6.1, 6.2, and 6.3. Users may also disable newsletter registration completely.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22734
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53687
published_at 2026-06-12T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53689
published_at 2026-06-14T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53562
published_at 2026-06-11T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53703
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22734
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22734
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22734
3
reference_url https://github.com/shopware/platform/commit/f5a95ee2bcf1e546878450963ef1d9886e59a620
reference_id f5a95ee2bcf1e546878450963ef1d9886e59a620
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/
url https://github.com/shopware/platform/commit/f5a95ee2bcf1e546878450963ef1d9886e59a620
4
reference_url https://github.com/advisories/GHSA-46h7-vj7x-fxg2
reference_id GHSA-46h7-vj7x-fxg2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46h7-vj7x-fxg2
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-46h7-vj7x-fxg2
reference_id GHSA-46h7-vj7x-fxg2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/
url https://github.com/shopware/platform/security/advisories/GHSA-46h7-vj7x-fxg2
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/platform@6.4.18%2B1
purl pkg:composer/shopware/platform@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18%252B1
1
url pkg:composer/shopware/platform@6.4.18.1
purl pkg:composer/shopware/platform@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18.1
aliases CVE-2023-22734, GHSA-46h7-vj7x-fxg2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5f5-9e68-rqdd
25
url VCID-parp-avvf-v3bu
vulnerability_id VCID-parp-avvf-v3bu
summary Shopware, an open ecommerce platform, has a new Twig tag `sw_silent_feature_call` which silences deprecation messages triggered inside this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as a parameter a string naming the feature flag to silence, but this parameter is not escaped properly, which allows execution of code. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42355
reference_id
reference_type
scores
0
value 0.01052
scoring_system epss
scoring_elements 0.78052
published_at 2026-06-14T12:55:00Z
1
value 0.01052
scoring_system epss
scoring_elements 0.78058
published_at 2026-06-13T12:55:00Z
2
value 0.01052
scoring_system epss
scoring_elements 0.78045
published_at 2026-06-12T12:55:00Z
3
value 0.01052
scoring_system epss
scoring_elements 0.77977
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42355
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da
reference_id 445c6763cc093fbd651e0efaa4150deae4ae60da
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da
3
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id 8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
4
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42355
reference_id CVE-2024-42355
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42355
6
reference_url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_id d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
7
reference_url https://github.com/advisories/GHSA-27wp-jvhw-v4xp
reference_id GHSA-27wp-jvhw-v4xp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27wp-jvhw-v4xp
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp
reference_id GHSA-27wp-jvhw-v4xp
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B13
purl pkg:composer/shopware/platform@6.5.8%2B13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B13
1
url pkg:composer/shopware/platform@6.5.8.2
purl pkg:composer/shopware/platform@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9rhv-j6u2-3qg6
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-s7y9-5z3z-syec
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.2
2
url pkg:composer/shopware/platform@6.6.5%2B1
purl pkg:composer/shopware/platform@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.5%252B1
aliases CVE-2024-42355, GHSA-27wp-jvhw-v4xp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-parp-avvf-v3bu
26
url VCID-pb4v-pcjv-3kfr
vulnerability_id VCID-pb4v-pcjv-3kfr
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37711
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.67205
published_at 2026-06-11T12:55:00Z
1
value 0.00519
scoring_system epss
scoring_elements 0.67297
published_at 2026-06-12T12:55:00Z
2
value 0.00519
scoring_system epss
scoring_elements 0.67311
published_at 2026-06-13T12:55:00Z
3
value 0.00519
scoring_system epss
scoring_elements 0.6731
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37711
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/b9f330e652b743dd2374c02bbe68f28b59a3f502
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-gcvv-gq92-x94r
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37711
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37711
5
reference_url https://github.com/advisories/GHSA-gcvv-gq92-x94r
reference_id GHSA-gcvv-gq92-x94r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gcvv-gq92-x94r
fixed_packages
0
url pkg:composer/shopware/platform@6.4.3%2B1
purl pkg:composer/shopware/platform@6.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.3%252B1
aliases CVE-2021-37711, GHSA-gcvv-gq92-x94r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pb4v-pcjv-3kfr
27
url VCID-q355-4yb3-93cn
vulnerability_id VCID-q355-4yb3-93cn
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37707
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44091
published_at 2026-06-11T12:55:00Z
1
value 0.00215
scoring_system epss
scoring_elements 0.44244
published_at 2026-06-12T12:55:00Z
2
value 0.00215
scoring_system epss
scoring_elements 0.44263
published_at 2026-06-13T12:55:00Z
3
value 0.00215
scoring_system epss
scoring_elements 0.44251
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37707
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37707
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37707
5
reference_url https://github.com/advisories/GHSA-9f8f-574q-8jmf
reference_id GHSA-9f8f-574q-8jmf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9f8f-574q-8jmf
fixed_packages
0
url pkg:composer/shopware/platform@6.4.3%2B1
purl pkg:composer/shopware/platform@6.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.3%252B1
aliases CVE-2021-37707, GHSA-9f8f-574q-8jmf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q355-4yb3-93cn
28
url VCID-qhgp-qxed-7qbc
vulnerability_id VCID-qhgp-qxed-7qbc
summary Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost every Twig template and gives access to the current language and currency information. The context object also allows switching the scope of the Context for a short time, as a helper with a callable function. The function can also be called from Twig, and because its second parameter accepts any callable, any statically callable PHP function or method can be called from Twig. A customer cannot provide Twig code; the attacker would require access to the Administration to exploit this, using Mail templates or App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42356
reference_id
reference_type
scores
0
value 0.00429
scoring_system epss
scoring_elements 0.62937
published_at 2026-06-11T12:55:00Z
1
value 0.00429
scoring_system epss
scoring_elements 0.63047
published_at 2026-06-14T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.6305
published_at 2026-06-13T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.63038
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42356
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/core/commit/04183e0c02af3b404eb7d52c683734bfe0595038
reference_id 04183e0c02af3b404eb7d52c683734bfe0595038
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/core/commit/04183e0c02af3b404eb7d52c683734bfe0595038
3
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id 8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
4
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42356
reference_id CVE-2024-42356
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42356
6
reference_url https://github.com/shopware/shopware/commit/e43423bcc93c618c3036f94c12aa29514da8cf2e
reference_id e43423bcc93c618c3036f94c12aa29514da8cf2e
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/commit/e43423bcc93c618c3036f94c12aa29514da8cf2e
7
reference_url https://github.com/advisories/GHSA-35jp-8cgg-p4wj
reference_id GHSA-35jp-8cgg-p4wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35jp-8cgg-p4wj
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-35jp-8cgg-p4wj
reference_id GHSA-35jp-8cgg-p4wj
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-35jp-8cgg-p4wj
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B13
purl pkg:composer/shopware/platform@6.5.8%2B13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B13
1
url pkg:composer/shopware/platform@6.5.8.2
purl pkg:composer/shopware/platform@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9rhv-j6u2-3qg6
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-s7y9-5z3z-syec
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.2
2
url pkg:composer/shopware/platform@6.6.5%2B1
purl pkg:composer/shopware/platform@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.5%252B1
aliases CVE-2024-42356, GHSA-35jp-8cgg-p4wj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhgp-qxed-7qbc
29
url VCID-radt-bkq9-9ua5
vulnerability_id VCID-radt-bkq9-9ua5
summary Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in Twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed in 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22731
reference_id
reference_type
scores
0
value 0.02406
scoring_system epss
scoring_elements 0.85413
published_at 2026-06-11T12:55:00Z
1
value 0.02406
scoring_system epss
scoring_elements 0.85466
published_at 2026-06-14T12:55:00Z
2
value 0.02406
scoring_system epss
scoring_elements 0.85465
published_at 2026-06-12T12:55:00Z
3
value 0.02406
scoring_system epss
scoring_elements 0.85474
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22731
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22731
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22731
3
reference_url https://github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
reference_id 89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
4
reference_url https://github.com/advisories/GHSA-93cw-f5jj-x85w
reference_id GHSA-93cw-f5jj-x85w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93cw-f5jj-x85w
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w
reference_id GHSA-93cw-f5jj-x85w
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/platform@6.4.18%2B1
purl pkg:composer/shopware/platform@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18%252B1
1
url pkg:composer/shopware/platform@6.4.18.1
purl pkg:composer/shopware/platform@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18.1
aliases CVE-2023-22731, GHSA-93cw-f5jj-x85w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-radt-bkq9-9ua5
30
url VCID-rfa4-81mz-qqd9
vulnerability_id VCID-rfa4-81mz-qqd9
summary Shopware is an open commerce platform. The store-API works with regular entities and does not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition, so only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not consider ManyToMany associations, so they were not handled properly and the protections were not applied. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42354
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62735
published_at 2026-06-13T12:55:00Z
1
value 0.00424
scoring_system epss
scoring_elements 0.6273
published_at 2026-06-14T12:55:00Z
2
value 0.00424
scoring_system epss
scoring_elements 0.62723
published_at 2026-06-12T12:55:00Z
3
value 0.00424
scoring_system epss
scoring_elements 0.62622
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42354
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id 8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
3
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
4
reference_url https://github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01
reference_id ad83d38809df457efef21c37ce0996430334bf01
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42354
reference_id CVE-2024-42354
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42354
6
reference_url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_id d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
7
reference_url https://github.com/advisories/GHSA-hhcq-ph6w-494g
reference_id GHSA-hhcq-ph6w-494g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhcq-ph6w-494g
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g
reference_id GHSA-hhcq-ph6w-494g
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B13
purl pkg:composer/shopware/platform@6.5.8%2B13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B13
1
url pkg:composer/shopware/platform@6.5.8.2
purl pkg:composer/shopware/platform@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9rhv-j6u2-3qg6
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-s7y9-5z3z-syec
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.2
2
url pkg:composer/shopware/platform@6.6.5%2B1
purl pkg:composer/shopware/platform@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.5%252B1
aliases CVE-2024-42354, GHSA-hhcq-ph6w-494g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfa4-81mz-qqd9
31
url VCID-s7y9-5z3z-syec
vulnerability_id VCID-s7y9-5z3z-syec
summary Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the user won't be logged out. This affects only direct store-api usage, as the PHP Storefront additionally listens on `CustomerLogoutEvent` and invalidates the session. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31447
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.3744
published_at 2026-06-12T12:55:00Z
1
value 0.00164
scoring_system epss
scoring_elements 0.3745
published_at 2026-06-14T12:55:00Z
2
value 0.00164
scoring_system epss
scoring_elements 0.37262
published_at 2026-06-11T12:55:00Z
3
value 0.00164
scoring_system epss
scoring_elements 0.37463
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31447
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/commit/5cc84ddd817ad0c1d07f9b3c79ab346d50514a77
reference_id 5cc84ddd817ad0c1d07f9b3c79ab346d50514a77
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:22:21Z/
url https://github.com/shopware/shopware/commit/5cc84ddd817ad0c1d07f9b3c79ab346d50514a77
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31447
reference_id CVE-2024-31447
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31447
4
reference_url https://github.com/shopware/shopware/commit/d29775aa758f70d08e0c5999795c7c26d230e7d3
reference_id d29775aa758f70d08e0c5999795c7c26d230e7d3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:22:21Z/
url https://github.com/shopware/shopware/commit/d29775aa758f70d08e0c5999795c7c26d230e7d3
5
reference_url https://github.com/advisories/GHSA-5297-wrrp-rcj7
reference_id GHSA-5297-wrrp-rcj7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5297-wrrp-rcj7
6
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-5297-wrrp-rcj7
reference_id GHSA-5297-wrrp-rcj7
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:22:21Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-5297-wrrp-rcj7
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B8
purl pkg:composer/shopware/platform@6.5.8%2B8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B8
1
url pkg:composer/shopware/platform@6.6.0.0
purl pkg:composer/shopware/platform@6.6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-h4gh-jepq-2ue8
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-parp-avvf-v3bu
10
vulnerability VCID-qhgp-qxed-7qbc
11
vulnerability VCID-rfa4-81mz-qqd9
12
vulnerability VCID-sjfg-863y-c3fp
13
vulnerability VCID-sq4j-drbr-fub6
14
vulnerability VCID-stdp-p5h7-3kg3
15
vulnerability VCID-u41w-g79s-eyez
16
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.0.0
2
url pkg:composer/shopware/platform@6.6.1%2B0
purl pkg:composer/shopware/platform@6.6.1%2B0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.1%252B0
aliases CVE-2024-31447, GHSA-5297-wrrp-rcj7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s7y9-5z3z-syec
32
url VCID-sjfg-863y-c3fp
vulnerability_id VCID-sjfg-863y-c3fp
summary Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
2
reference_url https://github.com/advisories/GHSA-m895-2hj3-8cg9
reference_id GHSA-m895-2hj3-8cg9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m895-2hj3-8cg9
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-m895-2hj3-8cg9
reference_id GHSA-m895-2hj3-8cg9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-m895-2hj3-8cg9
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B7
purl pkg:composer/shopware/platform@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B7
1
url pkg:composer/shopware/platform@6.6.10.7
purl pkg:composer/shopware/platform@6.6.10.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.7
2
url pkg:composer/shopware/platform@6.7.3%2B1
purl pkg:composer/shopware/platform@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3%252B1
3
url pkg:composer/shopware/platform@6.7.3.1
purl pkg:composer/shopware/platform@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-637f-zxjb-8ufn
1
vulnerability VCID-dqba-4hk6-eud2
2
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.3.1
aliases GHSA-m895-2hj3-8cg9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjfg-863y-c3fp
33
url VCID-sq4j-drbr-fub6
vulnerability_id VCID-sq4j-drbr-fub6
summary Shopware is an open commerce platform. It's possible to pass long passwords that lead to Denial of Service via Storefront forms or the Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30151
reference_id
reference_type
scores
0
value 0.00796
scoring_system epss
scoring_elements 0.74498
published_at 2026-06-13T12:55:00Z
1
value 0.00796
scoring_system epss
scoring_elements 0.74495
published_at 2026-06-14T12:55:00Z
2
value 0.00796
scoring_system epss
scoring_elements 0.74411
published_at 2026-06-11T12:55:00Z
3
value 0.00796
scoring_system epss
scoring_elements 0.74484
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30151
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30151
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30151
6
reference_url https://github.com/advisories/GHSA-cgfj-hj93-rmh2
reference_id GHSA-cgfj-hj93-rmh2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cgfj-hj93-rmh2
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2
reference_id GHSA-cgfj-hj93-rmh2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:47:17Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B17
purl pkg:composer/shopware/platform@6.5.8%2B17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-stdp-p5h7-3kg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B17
1
url pkg:composer/shopware/platform@6.5.8.2
purl pkg:composer/shopware/platform@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9rhv-j6u2-3qg6
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-s7y9-5z3z-syec
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.2
2
url pkg:composer/shopware/platform@6.6.10%2B3
purl pkg:composer/shopware/platform@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B3
3
url pkg:composer/shopware/platform@6.6.10.3
purl pkg:composer/shopware/platform@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.3
4
url pkg:composer/shopware/platform@6.7.0%2B0-rc2
purl pkg:composer/shopware/platform@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0%252B0-rc2
5
url pkg:composer/shopware/platform@6.7.0.0-rc2
purl pkg:composer/shopware/platform@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-nhdh-f91b-kuex
5
vulnerability VCID-nzcj-wu6c-pfgw
6
vulnerability VCID-sjfg-863y-c3fp
7
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0.0-rc2
aliases CVE-2025-30151, GHSA-cgfj-hj93-rmh2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sq4j-drbr-fub6
34
url VCID-stdp-p5h7-3kg3
vulnerability_id VCID-stdp-p5h7-3kg3
summary Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible for an attacker to check whether a specific e-mail address has an account in the shop. The store-api endpoint /store-api/account/recovery-password returns a response that clearly indicates when there is no account for this customer. In contrast, you get a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30150
reference_id
reference_type
scores
0
value 0.00619
scoring_system epss
scoring_elements 0.70601
published_at 2026-06-14T12:55:00Z
1
value 0.00619
scoring_system epss
scoring_elements 0.70604
published_at 2026-06-13T12:55:00Z
2
value 0.00808
scoring_system epss
scoring_elements 0.74708
published_at 2026-06-12T12:55:00Z
3
value 0.00808
scoring_system epss
scoring_elements 0.74636
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30150
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30150
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30150
6
reference_url https://github.com/advisories/GHSA-hh7j-6x3q-f52h
reference_id GHSA-hh7j-6x3q-f52h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hh7j-6x3q-f52h
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h
reference_id GHSA-hh7j-6x3q-f52h
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:45:06Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B18
purl pkg:composer/shopware/platform@6.5.8%2B18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B18
1
url pkg:composer/shopware/platform@6.5.8.2
purl pkg:composer/shopware/platform@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9rhv-j6u2-3qg6
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-s7y9-5z3z-syec
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.2
2
url pkg:composer/shopware/platform@6.6.10%2B3
purl pkg:composer/shopware/platform@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B3
3
url pkg:composer/shopware/platform@6.6.10.3
purl pkg:composer/shopware/platform@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.3
4
url pkg:composer/shopware/platform@6.7.0%2B0-rc2
purl pkg:composer/shopware/platform@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0%252B0-rc2
5
url pkg:composer/shopware/platform@6.7.0.0-rc2
purl pkg:composer/shopware/platform@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-nhdh-f91b-kuex
5
vulnerability VCID-nzcj-wu6c-pfgw
6
vulnerability VCID-sjfg-863y-c3fp
7
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0.0-rc2
aliases CVE-2025-30150, GHSA-hh7j-6x3q-f52h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stdp-p5h7-3kg3
35
url VCID-u41w-g79s-eyez
vulnerability_id VCID-u41w-g79s-eyez
summary Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a regression of CVE-2024-22406 and CVE-2024-42357.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27892
reference_id
reference_type
scores
0
value 0.01246
scoring_system epss
scoring_elements 0.79772
published_at 2026-06-12T12:55:00Z
1
value 0.01246
scoring_system epss
scoring_elements 0.79784
published_at 2026-06-14T12:55:00Z
2
value 0.01246
scoring_system epss
scoring_elements 0.7979
published_at 2026-06-13T12:55:00Z
3
value 0.01246
scoring_system epss
scoring_elements 0.79707
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27892
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27892
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27892
6
reference_url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001
7
reference_url https://github.com/advisories/GHSA-8g35-7rmw-7f59
reference_id GHSA-8g35-7rmw-7f59
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g35-7rmw-7f59
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59
reference_id GHSA-8g35-7rmw-7f59
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:51:41Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59
9
reference_url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
reference_id rt-sa-2025-001
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:51:41Z/
url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B18
purl pkg:composer/shopware/platform@6.5.8%2B18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B18
1
url pkg:composer/shopware/platform@6.5.8.2
purl pkg:composer/shopware/platform@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9rhv-j6u2-3qg6
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-s7y9-5z3z-syec
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.2
2
url pkg:composer/shopware/platform@6.6.10%2B3
purl pkg:composer/shopware/platform@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B3
3
url pkg:composer/shopware/platform@6.6.10.3
purl pkg:composer/shopware/platform@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.3
4
url pkg:composer/shopware/platform@6.7.0%2B0-rc2
purl pkg:composer/shopware/platform@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0%252B0-rc2
5
url pkg:composer/shopware/platform@6.7.0.0-rc2
purl pkg:composer/shopware/platform@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-nhdh-f91b-kuex
5
vulnerability VCID-nzcj-wu6c-pfgw
6
vulnerability VCID-sjfg-863y-c3fp
7
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0.0-rc2
aliases CVE-2025-27892, GHSA-8g35-7rmw-7f59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u41w-g79s-eyez
36
url VCID-ujfm-g8ne-cqhx
vulnerability_id VCID-ujfm-g8ne-cqhx
summary Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable to SQL injection and can be exploited using time-based SQL queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22406
reference_id
reference_type
scores
0
value 0.00415
scoring_system epss
scoring_elements 0.62221
published_at 2026-06-14T12:55:00Z
1
value 0.00415
scoring_system epss
scoring_elements 0.62223
published_at 2026-06-13T12:55:00Z
2
value 0.00415
scoring_system epss
scoring_elements 0.6211
published_at 2026-06-11T12:55:00Z
3
value 0.00415
scoring_system epss
scoring_elements 0.62212
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22406
1
reference_url https://github.com/shopware/core/commit/e2256ec81e56f792623e90d89786d8a9fcad28bf
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/core/commit/e2256ec81e56f792623e90d89786d8a9fcad28bf
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://github.com/shopware/shopware/commit/5005213e609f5a4423fcfa92f105c3de8ab35100
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/5005213e609f5a4423fcfa92f105c3de8ab35100
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.7.4
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.7.4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22406
reference_id CVE-2024-22406
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22406
6
reference_url https://github.com/advisories/GHSA-qmp9-2xwj-m6m9
reference_id GHSA-qmp9-2xwj-m6m9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qmp9-2xwj-m6m9
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9
reference_id GHSA-qmp9-2xwj-m6m9
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:55Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9
fixed_packages
0
url pkg:composer/shopware/platform@6.5.7%2B4
purl pkg:composer/shopware/platform@6.5.7%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.7%252B4
1
url pkg:composer/shopware/platform@6.5.7.4
purl pkg:composer/shopware/platform@6.5.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-h4gh-jepq-2ue8
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-parp-avvf-v3bu
10
vulnerability VCID-qhgp-qxed-7qbc
11
vulnerability VCID-rfa4-81mz-qqd9
12
vulnerability VCID-s7y9-5z3z-syec
13
vulnerability VCID-sjfg-863y-c3fp
14
vulnerability VCID-sq4j-drbr-fub6
15
vulnerability VCID-stdp-p5h7-3kg3
16
vulnerability VCID-u41w-g79s-eyez
17
vulnerability VCID-ykq7-2fy3-b7e1
18
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.7.4
aliases CVE-2024-22406, GHSA-qmp9-2xwj-m6m9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujfm-g8ne-cqhx
37
url VCID-vgjj-eqzd-t7a1
vulnerability_id VCID-vgjj-eqzd-t7a1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37708
reference_id
reference_type
scores
0
value 0.07808
scoring_system epss
scoring_elements 0.92166
published_at 2026-06-11T12:55:00Z
1
value 0.07808
scoring_system epss
scoring_elements 0.92193
published_at 2026-06-12T12:55:00Z
2
value 0.07808
scoring_system epss
scoring_elements 0.92198
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37708
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/commit/82d8d1995f6ce9054323b2c3522b1b3cf04853aa
3
reference_url https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/security/advisories/GHSA-xh55-2fqp-p775
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37708
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37708
5
reference_url https://github.com/advisories/GHSA-xh55-2fqp-p775
reference_id GHSA-xh55-2fqp-p775
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh55-2fqp-p775
fixed_packages
0
url pkg:composer/shopware/platform@6.4.3%2B1
purl pkg:composer/shopware/platform@6.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.3%252B1
aliases CVE-2021-37708, GHSA-xh55-2fqp-p775
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgjj-eqzd-t7a1
38
url VCID-ykq7-2fy3-b7e1
vulnerability_id VCID-ykq7-2fy3-b7e1
summary Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered customers set to disabled, and Log-in & sign-up: Double opt-in on sign-up set to disabled. With these settings, anyone can register an account on the shop using any e-mail address and then check the check-box in the account page to sign up for the newsletter. The recipient will receive two mails confirming the registration and the newsletter sign-up; no confirmation link needs to be clicked for either. In the backend the recipient is set to “instantly active”. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32378
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.63782
published_at 2026-06-14T12:55:00Z
1
value 0.00441
scoring_system epss
scoring_elements 0.63668
published_at 2026-06-11T12:55:00Z
2
value 0.00441
scoring_system epss
scoring_elements 0.6377
published_at 2026-06-12T12:55:00Z
3
value 0.00441
scoring_system epss
scoring_elements 0.63783
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32378
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32378
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32378
3
reference_url https://github.com/advisories/GHSA-4h9w-7vfp-px8m
reference_id GHSA-4h9w-7vfp-px8m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4h9w-7vfp-px8m
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m
reference_id GHSA-4h9w-7vfp-px8m
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T17:32:57Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m
fixed_packages
0
url pkg:composer/shopware/platform@6.5.8%2B17
purl pkg:composer/shopware/platform@6.5.8%2B17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-stdp-p5h7-3kg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8%252B17
1
url pkg:composer/shopware/platform@6.5.8.17
purl pkg:composer/shopware/platform@6.5.8.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-sjfg-863y-c3fp
8
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.5.8.17
2
url pkg:composer/shopware/platform@6.6.10%2B3
purl pkg:composer/shopware/platform@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B3
3
url pkg:composer/shopware/platform@6.6.10.3
purl pkg:composer/shopware/platform@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.3
4
url pkg:composer/shopware/platform@6.7.0%2B0-rc2
purl pkg:composer/shopware/platform@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0%252B0-rc2
5
url pkg:composer/shopware/platform@6.7.0.0-rc2
purl pkg:composer/shopware/platform@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-nhdh-f91b-kuex
5
vulnerability VCID-nzcj-wu6c-pfgw
6
vulnerability VCID-sjfg-863y-c3fp
7
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.0.0-rc2
aliases CVE-2025-32378, GHSA-4h9w-7vfp-px8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykq7-2fy3-b7e1
39
url VCID-z266-zw44-13et
vulnerability_id VCID-z266-zw44-13et
summary Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users' accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Users unable to upgrade may remove the log module ACL rights from all users or disable logging.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22733
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.5378
published_at 2026-06-11T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53909
published_at 2026-06-14T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53905
published_at 2026-06-12T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.53922
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22733
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22733
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22733
3
reference_url https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07
reference_id 407a83063d7141c1a626441799c3ebef79498c07
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/
url https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07
4
reference_url https://github.com/advisories/GHSA-7cp7-jfp6-jh4f
reference_id GHSA-7cp7-jfp6-jh4f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cp7-jfp6-jh4f
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f
reference_id GHSA-7cp7-jfp6-jh4f
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/
url https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f
6
reference_url https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging
reference_id performance-tweaks#logging
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/
url https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging
7
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/platform@6.4.18%2B1
purl pkg:composer/shopware/platform@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18%252B1
1
url pkg:composer/shopware/platform@6.4.18.1
purl pkg:composer/shopware/platform@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z5g-envj-nkb5
1
vulnerability VCID-43zt-wnjy-rudk
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-6tys-6s4d-fqcm
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.18.1
aliases CVE-2023-22733, GHSA-7cp7-jfp6-jh4f
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z266-zw44-13et
40
url VCID-zhxv-e8fu-tucd
vulnerability_id VCID-zhxv-e8fu-tucd
summary Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31887
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16072
published_at 2026-06-12T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.1605
published_at 2026-06-14T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15931
published_at 2026-06-11T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16084
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31887
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31887
reference_id CVE-2026-31887
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31887
3
reference_url https://github.com/advisories/GHSA-7vvp-j573-5584
reference_id GHSA-7vvp-j573-5584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7vvp-j573-5584
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584
reference_id GHSA-7vvp-j573-5584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:07Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B15
purl pkg:composer/shopware/platform@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B15
1
url pkg:composer/shopware/platform@6.6.10.15
purl pkg:composer/shopware/platform@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.15
2
url pkg:composer/shopware/platform@6.7.8%2B1
purl pkg:composer/shopware/platform@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8%252B1
3
url pkg:composer/shopware/platform@6.7.8.1
purl pkg:composer/shopware/platform@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8.1
aliases CVE-2026-31887, GHSA-7vvp-j573-5584
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhxv-e8fu-tucd
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.4.1.0