Look up vulnerable packages by Package URL.

Purl pkg:composer/shopware/core@6.4.17.1
Type composer
Namespace shopware
Name core
Version 6.4.17.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.6.10.15
Latest_non_vulnerable_version 6.7.8.1
Affected_by_vulnerabilities
0
url VCID-43zt-wnjy-rudk
vulnerability_id VCID-43zt-wnjy-rudk
summary Shopware vulnerable to path traversal via Plugin upload
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
2
reference_url https://github.com/advisories/GHSA-6wh5-mw9h-5c3w
reference_id GHSA-6wh5-mw9h-5c3w
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6wh5-mw9h-5c3w
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w
reference_id GHSA-6wh5-mw9h-5c3w
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-6wh5-mw9h-5c3w
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43zt-wnjy-rudk
1
url VCID-5b7t-vavj-efae
vulnerability_id VCID-5b7t-vavj-efae
summary Shopware Customer Orders can be canceled, even if refunds are disabled
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/b157508aef2c820e7ff89ebd5848d3019f22b592
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/b157508aef2c820e7ff89ebd5848d3019f22b592
2
reference_url https://github.com/advisories/GHSA-r2vg-hvjm-fg38
reference_id GHSA-r2vg-hvjm-fg38
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r2vg-hvjm-fg38
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-r2vg-hvjm-fg38
reference_id GHSA-r2vg-hvjm-fg38
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-r2vg-hvjm-fg38
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-r2vg-hvjm-fg38
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5b7t-vavj-efae
2
url VCID-5yxh-sqdk-37dy
vulnerability_id VCID-5yxh-sqdk-37dy
summary Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions it was possible to put the same line item into the cart multiple times using the API. The Cart Validators checked each line item individually, so a user was able to bypass quantity limits in sales. This problem has been fixed in version 6.4.18.1. Users on major versions 6.1, 6.2, and 6.3 may also obtain this fix via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22730
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53562
published_at 2026-06-11T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53689
published_at 2026-06-14T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53687
published_at 2026-06-12T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53703
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22730
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22730
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22730
3
reference_url https://github.com/shopware/platform/commit/4fce12096e54b2033832d9104fa2e68888c2b4e9
reference_id 4fce12096e54b2033832d9104fa2e68888c2b4e9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:33Z/
url https://github.com/shopware/platform/commit/4fce12096e54b2033832d9104fa2e68888c2b4e9
4
reference_url https://github.com/advisories/GHSA-8r6h-m72v-38fg
reference_id GHSA-8r6h-m72v-38fg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8r6h-m72v-38fg
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-8r6h-m72v-38fg
reference_id GHSA-8r6h-m72v-38fg
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:33Z/
url https://github.com/shopware/platform/security/advisories/GHSA-8r6h-m72v-38fg
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:33Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/core@6.4.18.1
purl pkg:composer/shopware/core@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1
1
url pkg:composer/shopware/core@6.4.18%2B1
purl pkg:composer/shopware/core@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1
aliases CVE-2023-22730, GHSA-8r6h-m72v-38fg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yxh-sqdk-37dy
3
url VCID-637f-zxjb-8ufn
vulnerability_id VCID-637f-zxjb-8ufn
summary Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The "not found" response also echoes the probed email address. This allows an unauthenticated attacker to enumerate valid customer accounts. The storefront login controller correctly unifies both error paths, but the Store API does not — indicating an inconsistent defense. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31888
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17474
published_at 2026-06-11T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17628
published_at 2026-06-14T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17654
published_at 2026-06-13T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17636
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31888
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31888
reference_id CVE-2026-31888
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31888
3
reference_url https://github.com/advisories/GHSA-gqc5-xv7m-gcjq
reference_id GHSA-gqc5-xv7m-gcjq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqc5-xv7m-gcjq
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq
reference_id GHSA-gqc5-xv7m-gcjq
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:39Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B15
purl pkg:composer/shopware/core@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15
1
url pkg:composer/shopware/core@6.6.10.15
purl pkg:composer/shopware/core@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15
2
url pkg:composer/shopware/core@6.7.8%2B1
purl pkg:composer/shopware/core@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1
3
url pkg:composer/shopware/core@6.7.8.1
purl pkg:composer/shopware/core@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1
aliases CVE-2026-31888, GHSA-gqc5-xv7m-gcjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-637f-zxjb-8ufn
4
url VCID-6tys-6s4d-fqcm
vulnerability_id VCID-6tys-6s4d-fqcm
summary
Shopware Broken ACL on Document retrieval to access other customers documents
### Impact
It's possible to guess the deepLinkCode of a document to open documents of other customers.

### Patches
Update to Shopware 6.6.10.3 or 6.5.8.17

### Workarounds
For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q
5
reference_url https://github.com/advisories/GHSA-68wv-g3fw-pq7q
reference_id GHSA-68wv-g3fw-pq7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68wv-g3fw-pq7q
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B17
purl pkg:composer/shopware/core@6.5.8%2B17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-stdp-p5h7-3kg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B17
1
url pkg:composer/shopware/core@6.5.8.2
purl pkg:composer/shopware/core@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-s7y9-5z3z-syec
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2
2
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
3
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
4
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
5
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases GHSA-68wv-g3fw-pq7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tys-6s4d-fqcm
5
url VCID-845f-5kns-bqcb
vulnerability_id VCID-845f-5kns-bqcb
summary Shopware is an open source commerce platform based on Symfony Framework and Vue.js. The Administration session expiration was set to one week, so an attacker who had stolen the session cookie could use it for a long period of time. In version 6.4.18.1 an automatic logout for the Administration session has been added, so the user is logged out when they are inactive. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22732
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61686
published_at 2026-06-13T12:55:00Z
1
value 0.00407
scoring_system epss
scoring_elements 0.61682
published_at 2026-06-14T12:55:00Z
2
value 0.00407
scoring_system epss
scoring_elements 0.61576
published_at 2026-06-11T12:55:00Z
3
value 0.00407
scoring_system epss
scoring_elements 0.61678
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22732
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22732
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22732
3
reference_url https://github.com/shopware/platform/commit/cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6
reference_id cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/
url https://github.com/shopware/platform/commit/cd7a89cbcd3a0428c6d1ef27b3aa15467a722ff6
4
reference_url https://github.com/advisories/GHSA-59qg-93jg-236f
reference_id GHSA-59qg-93jg-236f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59qg-93jg-236f
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-59qg-93jg-236f
reference_id GHSA-59qg-93jg-236f
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/
url https://github.com/shopware/platform/security/advisories/GHSA-59qg-93jg-236f
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:48Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/core@6.4.18.1
purl pkg:composer/shopware/core@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1
1
url pkg:composer/shopware/core@6.4.18%2B1
purl pkg:composer/shopware/core@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1
aliases CVE-2023-22732, GHSA-59qg-93jg-236f
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-845f-5kns-bqcb
6
url VCID-a8xu-y9nr-9uag
vulnerability_id VCID-a8xu-y9nr-9uag
summary Shopware 6's password recovery link does not expire after email change
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/1338dd9a11e361639704bf8f09b6878552eb8c13
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/1338dd9a11e361639704bf8f09b6878552eb8c13
2
reference_url https://github.com/shopware/shopware/commit/2fb94855696a90045b81c503d216ba7df8e64e52
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/2fb94855696a90045b81c503d216ba7df8e64e52
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.9
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.9
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0
5
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.4.1
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.4.1
6
reference_url https://github.com/advisories/GHSA-2w46-vq8h-98vh
reference_id GHSA-2w46-vq8h-98vh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2w46-vq8h-98vh
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-2w46-vq8h-98vh
reference_id GHSA-2w46-vq8h-98vh
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-2w46-vq8h-98vh
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B9
purl pkg:composer/shopware/core@6.6.10%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B9
1
url pkg:composer/shopware/core@6.6.10.9
purl pkg:composer/shopware/core@6.6.10.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.9
2
url pkg:composer/shopware/core@6.7.4%2B1
purl pkg:composer/shopware/core@6.7.4%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.4%252B1
3
url pkg:composer/shopware/core@6.7.4.1
purl pkg:composer/shopware/core@6.7.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-dqba-4hk6-eud2
3
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.4.1
aliases GHSA-2w46-vq8h-98vh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8xu-y9nr-9uag
7
url VCID-d284-ecsh-ebhw
vulnerability_id VCID-d284-ecsh-ebhw
summary Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22407
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28835
published_at 2026-06-12T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.28848
published_at 2026-06-14T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.28859
published_at 2026-06-13T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.28635
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22407
1
reference_url https://github.com/shopware/core/commit/78142489264f9262eaaa436ba036df40026a06be
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/core/commit/78142489264f9262eaaa436ba036df40026a06be
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://github.com/shopware/shopware/commit/fb25e24ca51650009ffa2520f1e67b48b911354a
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/fb25e24ca51650009ffa2520f1e67b48b911354a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22407
reference_id CVE-2024-22407
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22407
5
reference_url https://github.com/advisories/GHSA-3867-jc5c-66qf
reference_id GHSA-3867-jc5c-66qf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3867-jc5c-66qf
6
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf
reference_id GHSA-3867-jc5c-66qf
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T16:09:33Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf
fixed_packages
0
url pkg:composer/shopware/core@6.5.7%2B4
purl pkg:composer/shopware/core@6.5.7%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.7%252B4
1
url pkg:composer/shopware/core@6.5.7.4
purl pkg:composer/shopware/core@6.5.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-h4gh-jepq-2ue8
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-parp-avvf-v3bu
10
vulnerability VCID-qhgp-qxed-7qbc
11
vulnerability VCID-rfa4-81mz-qqd9
12
vulnerability VCID-s7y9-5z3z-syec
13
vulnerability VCID-sjfg-863y-c3fp
14
vulnerability VCID-sq4j-drbr-fub6
15
vulnerability VCID-stdp-p5h7-3kg3
16
vulnerability VCID-u41w-g79s-eyez
17
vulnerability VCID-ykq7-2fy3-b7e1
18
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.7.4
aliases CVE-2024-22407, GHSA-3867-jc5c-66qf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d284-ecsh-ebhw
8
url VCID-dqba-4hk6-eud2
vulnerability_id VCID-dqba-4hk6-eud2
summary Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based authentication without sufficiently binding a shop installation to its original domain. During re‑registration, the shop-url could be updated without proving control over the previously registered shop or domain. This made targeted hijacking of app communication feasible if an attacker possessed the relevant app‑side secret. By abusing app re‑registration, an attacker could redirect app traffic to an attacker‑controlled domain and potentially obtain API credentials intended for the legitimate shop. This vulnerability is fixed in 6.6.10.15 and 6.7.8.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31889
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26177
published_at 2026-06-11T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26375
published_at 2026-06-14T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.2639
published_at 2026-06-13T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.26378
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31889
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31889
reference_id CVE-2026-31889
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31889
3
reference_url https://github.com/advisories/GHSA-c4p7-rwrg-pf6p
reference_id GHSA-c4p7-rwrg-pf6p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4p7-rwrg-pf6p
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p
reference_id GHSA-c4p7-rwrg-pf6p
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:04:03Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B15
purl pkg:composer/shopware/core@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15
1
url pkg:composer/shopware/core@6.6.10.15
purl pkg:composer/shopware/core@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15
2
url pkg:composer/shopware/core@6.7.8%2B1
purl pkg:composer/shopware/core@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1
3
url pkg:composer/shopware/core@6.7.8.1
purl pkg:composer/shopware/core@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1
aliases CVE-2026-31889, GHSA-c4p7-rwrg-pf6p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqba-4hk6-eud2
9
url VCID-g4mm-3wn7-z3dr
vulnerability_id VCID-g4mm-3wn7-z3dr
summary Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both the shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function, and thus execute arbitrary code/commands, by using fully-qualified names, supplied as an array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2017
reference_id
reference_type
scores
0
value 0.02271
scoring_system epss
scoring_elements 0.85005
published_at 2026-06-11T12:55:00Z
1
value 0.02424
scoring_system epss
scoring_elements 0.85519
published_at 2026-06-14T12:55:00Z
2
value 0.02424
scoring_system epss
scoring_elements 0.85527
published_at 2026-06-13T12:55:00Z
3
value 0.02424
scoring_system epss
scoring_elements 0.85517
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2017
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://github.com/shopware/platform/releases/tag/v6.4.20.1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform/releases/tag/v6.4.20.1
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-7v2v-9rm4-7m8f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-7v2v-9rm4-7m8f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2017
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2017
5
reference_url https://starlabs.sg/advisories/23/23-2017
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://starlabs.sg/advisories/23/23-2017
6
reference_url https://starlabs.sg/advisories/23/23-2017/
reference_id 23-2017
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/
url https://starlabs.sg/advisories/23/23-2017/
7
reference_url https://github.com/advisories/GHSA-7v2v-9rm4-7m8f
reference_id GHSA-7v2v-9rm4-7m8f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7v2v-9rm4-7m8f
8
reference_url https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f
reference_id GHSA-7v2v-9rm4-7m8f
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/
url https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f
9
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023
reference_id security-update-04-2023
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:46:34Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023
fixed_packages
0
url pkg:composer/shopware/core@6.4.20%2B1
purl pkg:composer/shopware/core@6.4.20%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.20%252B1
1
url pkg:composer/shopware/core@6.4.20.1
purl pkg:composer/shopware/core@6.4.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-h4gh-jepq-2ue8
8
vulnerability VCID-nhdh-f91b-kuex
9
vulnerability VCID-nzcj-wu6c-pfgw
10
vulnerability VCID-parp-avvf-v3bu
11
vulnerability VCID-qhgp-qxed-7qbc
12
vulnerability VCID-rfa4-81mz-qqd9
13
vulnerability VCID-s7y9-5z3z-syec
14
vulnerability VCID-sjfg-863y-c3fp
15
vulnerability VCID-sq4j-drbr-fub6
16
vulnerability VCID-stdp-p5h7-3kg3
17
vulnerability VCID-u41w-g79s-eyez
18
vulnerability VCID-ujfm-g8ne-cqhx
19
vulnerability VCID-ykq7-2fy3-b7e1
20
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.20.1
aliases CVE-2023-2017, GHSA-7v2v-9rm4-7m8f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4mm-3wn7-z3dr
10
url VCID-h4gh-jepq-2ue8
vulnerability_id VCID-h4gh-jepq-2ue8
summary Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable to SQL injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42357
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.74858
published_at 2026-06-12T12:55:00Z
1
value 0.00817
scoring_system epss
scoring_elements 0.74868
published_at 2026-06-14T12:55:00Z
2
value 0.00817
scoring_system epss
scoring_elements 0.74872
published_at 2026-06-13T12:55:00Z
3
value 0.00817
scoring_system epss
scoring_elements 0.74787
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42357
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b
reference_id 57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/commit/57ea2f3c59483cf7c0f853e7a0d68c23ded1fe5b
3
reference_url https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9
reference_id 63c05615694790f5790a04ef889f42b764fa53c9
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/core/commit/63c05615694790f5790a04ef889f42b764fa53c9
4
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id 8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
5
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42357
reference_id CVE-2024-42357
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42357
7
reference_url https://github.com/advisories/GHSA-p6w9-r443-r752
reference_id GHSA-p6w9-r443-r752
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p6w9-r443-r752
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752
reference_id GHSA-p6w9-r443-r752
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-08T18:17:05Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-p6w9-r443-r752
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B13
purl pkg:composer/shopware/core@6.5.8%2B13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B13
1
url pkg:composer/shopware/core@6.5.8.2
purl pkg:composer/shopware/core@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-s7y9-5z3z-syec
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2
2
url pkg:composer/shopware/core@6.6.5.1
purl pkg:composer/shopware/core@6.6.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-sq4j-drbr-fub6
10
vulnerability VCID-stdp-p5h7-3kg3
11
vulnerability VCID-u41w-g79s-eyez
12
vulnerability VCID-ykq7-2fy3-b7e1
13
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1
3
url pkg:composer/shopware/core@6.6.5%2B1
purl pkg:composer/shopware/core@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1
aliases CVE-2024-42357, GHSA-p6w9-r443-r752
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4gh-jepq-2ue8
11
url VCID-nhdh-f91b-kuex
vulnerability_id VCID-nhdh-f91b-kuex
summary Shopware exposes sensitive user information via CSV export mapping
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083
2
reference_url https://github.com/advisories/GHSA-27c9-vp3w-6ww8
reference_id GHSA-27c9-vp3w-6ww8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27c9-vp3w-6ww8
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8
reference_id GHSA-27c9-vp3w-6ww8
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-27c9-vp3w-6ww8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhdh-f91b-kuex
12
url VCID-nzcj-wu6c-pfgw
vulnerability_id VCID-nzcj-wu6c-pfgw
summary Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4
2
reference_url https://github.com/advisories/GHSA-3cpp-fv95-mpr5
reference_id GHSA-3cpp-fv95-mpr5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cpp-fv95-mpr5
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5
reference_id GHSA-3cpp-fv95-mpr5
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-3cpp-fv95-mpr5
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcj-wu6c-pfgw
13
url VCID-p5f5-9e68-rqdd
vulnerability_id VCID-p5f5-9e68-rqdd
summary Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the entire double opt-in process. As a result, operators may have inconsistencies in their newsletter systems. This problem has been fixed with version 6.4.18.1. Users are advised to upgrade. For users unable to upgrade, security measures are available via a plugin for major versions 6.1, 6.2, and 6.3. Users may also disable newsletter registration completely.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22734
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53687
published_at 2026-06-12T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53689
published_at 2026-06-14T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53562
published_at 2026-06-11T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53703
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22734
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22734
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22734
3
reference_url https://github.com/shopware/platform/commit/f5a95ee2bcf1e546878450963ef1d9886e59a620
reference_id f5a95ee2bcf1e546878450963ef1d9886e59a620
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/
url https://github.com/shopware/platform/commit/f5a95ee2bcf1e546878450963ef1d9886e59a620
4
reference_url https://github.com/advisories/GHSA-46h7-vj7x-fxg2
reference_id GHSA-46h7-vj7x-fxg2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46h7-vj7x-fxg2
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-46h7-vj7x-fxg2
reference_id GHSA-46h7-vj7x-fxg2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/
url https://github.com/shopware/platform/security/advisories/GHSA-46h7-vj7x-fxg2
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:51Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/core@6.4.18.1
purl pkg:composer/shopware/core@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1
1
url pkg:composer/shopware/core@6.4.18%2B1
purl pkg:composer/shopware/core@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1
aliases CVE-2023-22734, GHSA-46h7-vj7x-fxg2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5f5-9e68-rqdd
14
url VCID-parp-avvf-v3bu
vulnerability_id VCID-parp-avvf-v3bu
summary Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages triggered within this tag. Prior to versions 6.6.5.1 and 6.5.8.13, the tag accepts as a parameter a string naming the feature flag to silence, but this parameter is not escaped properly, which allows execution of code. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42355
reference_id
reference_type
scores
0
value 0.01052
scoring_system epss
scoring_elements 0.78052
published_at 2026-06-14T12:55:00Z
1
value 0.01052
scoring_system epss
scoring_elements 0.78058
published_at 2026-06-13T12:55:00Z
2
value 0.01052
scoring_system epss
scoring_elements 0.78045
published_at 2026-06-12T12:55:00Z
3
value 0.01052
scoring_system epss
scoring_elements 0.77977
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42355
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da
reference_id 445c6763cc093fbd651e0efaa4150deae4ae60da
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/commit/445c6763cc093fbd651e0efaa4150deae4ae60da
3
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id 8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
4
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42355
reference_id CVE-2024-42355
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42355
6
reference_url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_id d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
7
reference_url https://github.com/advisories/GHSA-27wp-jvhw-v4xp
reference_id GHSA-27wp-jvhw-v4xp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27wp-jvhw-v4xp
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp
reference_id GHSA-27wp-jvhw-v4xp
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-08T15:26:25Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-27wp-jvhw-v4xp
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B13
purl pkg:composer/shopware/core@6.5.8%2B13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B13
1
url pkg:composer/shopware/core@6.5.8.2
purl pkg:composer/shopware/core@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-s7y9-5z3z-syec
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2
2
url pkg:composer/shopware/core@6.6.5.1
purl pkg:composer/shopware/core@6.6.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-sq4j-drbr-fub6
10
vulnerability VCID-stdp-p5h7-3kg3
11
vulnerability VCID-u41w-g79s-eyez
12
vulnerability VCID-ykq7-2fy3-b7e1
13
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1
3
url pkg:composer/shopware/core@6.6.5%2B1
purl pkg:composer/shopware/core@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1
aliases CVE-2024-42355, GHSA-27wp-jvhw-v4xp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-parp-avvf-v3bu
15
url VCID-qhgp-qxed-7qbc
vulnerability_id VCID-qhgp-qxed-7qbc
summary Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig template and gives access to the current language and currency information. The context object also provides a helper that switches the scope of the Context for a short time and runs a callable function. This function can also be called from Twig, and because its second parameter accepts any callable, any statically callable PHP function or method can be called from Twig. A customer cannot provide any Twig code; the attacker would require access to the Administration to exploit this using Mail templates or App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3 and 6.4, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42356
reference_id
reference_type
scores
0
value 0.00429
scoring_system epss
scoring_elements 0.62937
published_at 2026-06-11T12:55:00Z
1
value 0.00429
scoring_system epss
scoring_elements 0.63047
published_at 2026-06-14T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.6305
published_at 2026-06-13T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.63038
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42356
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/core/commit/04183e0c02af3b404eb7d52c683734bfe0595038
reference_id 04183e0c02af3b404eb7d52c683734bfe0595038
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/core/commit/04183e0c02af3b404eb7d52c683734bfe0595038
3
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id 8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
4
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42356
reference_id CVE-2024-42356
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42356
6
reference_url https://github.com/shopware/shopware/commit/e43423bcc93c618c3036f94c12aa29514da8cf2e
reference_id e43423bcc93c618c3036f94c12aa29514da8cf2e
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/commit/e43423bcc93c618c3036f94c12aa29514da8cf2e
7
reference_url https://github.com/advisories/GHSA-35jp-8cgg-p4wj
reference_id GHSA-35jp-8cgg-p4wj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35jp-8cgg-p4wj
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-35jp-8cgg-p4wj
reference_id GHSA-35jp-8cgg-p4wj
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-09T15:51:49Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-35jp-8cgg-p4wj
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B13
purl pkg:composer/shopware/core@6.5.8%2B13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B13
1
url pkg:composer/shopware/core@6.5.8.2
purl pkg:composer/shopware/core@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-s7y9-5z3z-syec
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2
2
url pkg:composer/shopware/core@6.6.5.1
purl pkg:composer/shopware/core@6.6.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-sq4j-drbr-fub6
10
vulnerability VCID-stdp-p5h7-3kg3
11
vulnerability VCID-u41w-g79s-eyez
12
vulnerability VCID-ykq7-2fy3-b7e1
13
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1
3
url pkg:composer/shopware/core@6.6.5%2B1
purl pkg:composer/shopware/core@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1
aliases CVE-2024-42356, GHSA-35jp-8cgg-p4wj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhgp-qxed-7qbc
16
url VCID-radt-bkq9-9ua5
vulnerability_id VCID-radt-bkq9-9ua5
summary Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in Twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed in 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22731
reference_id
reference_type
scores
0
value 0.02406
scoring_system epss
scoring_elements 0.85413
published_at 2026-06-11T12:55:00Z
1
value 0.02406
scoring_system epss
scoring_elements 0.85466
published_at 2026-06-14T12:55:00Z
2
value 0.02406
scoring_system epss
scoring_elements 0.85465
published_at 2026-06-12T12:55:00Z
3
value 0.02406
scoring_system epss
scoring_elements 0.85474
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22731
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22731
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22731
3
reference_url https://github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
reference_id 89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/shopware/platform/commit/89d1ea154689cb6202e0d3a0ceeae0febb0c09e1
4
reference_url https://github.com/advisories/GHSA-93cw-f5jj-x85w
reference_id GHSA-93cw-f5jj-x85w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93cw-f5jj-x85w
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w
reference_id GHSA-93cw-f5jj-x85w
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w
6
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/core@6.4.18.1
purl pkg:composer/shopware/core@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1
1
url pkg:composer/shopware/core@6.4.18%2B1
purl pkg:composer/shopware/core@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1
aliases CVE-2023-22731, GHSA-93cw-f5jj-x85w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-radt-bkq9-9ua5
17
url VCID-rfa4-81mz-qqd9
vulnerability_id VCID-rfa4-81mz-qqd9
summary Shopware is an open commerce platform. The store-API works with regular entities and does not expose all fields to the public API; fields need to be marked as ApiAware in the EntityDefinition, so only ApiAware fields of the EntityDefinition are encoded into the final JSON. Prior to versions 6.6.5.1 and 6.5.8.13, the processing of the Criteria did not consider ManyToMany associations, so the ApiAware protections were not applied to them. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42354
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62735
published_at 2026-06-13T12:55:00Z
1
value 0.00424
scoring_system epss
scoring_elements 0.6273
published_at 2026-06-14T12:55:00Z
2
value 0.00424
scoring_system epss
scoring_elements 0.62723
published_at 2026-06-12T12:55:00Z
3
value 0.00424
scoring_system epss
scoring_elements 0.62622
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42354
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_id 8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/commit/8504ba7e56e53add6a1d5b9d45015e3d899cd0ac
3
reference_url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_id a784aa1cec0624e36e0ee4d41aeebaed40e0442f
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/core/commit/a784aa1cec0624e36e0ee4d41aeebaed40e0442f
4
reference_url https://github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01
reference_id ad83d38809df457efef21c37ce0996430334bf01
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/commit/ad83d38809df457efef21c37ce0996430334bf01
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-42354
reference_id CVE-2024-42354
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-42354
6
reference_url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_id d35ee2eda5c995faeb08b3dad127eab65c64e2a2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/core/commit/d35ee2eda5c995faeb08b3dad127eab65c64e2a2
7
reference_url https://github.com/advisories/GHSA-hhcq-ph6w-494g
reference_id GHSA-hhcq-ph6w-494g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhcq-ph6w-494g
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g
reference_id GHSA-hhcq-ph6w-494g
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:24:16Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-hhcq-ph6w-494g
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B13
purl pkg:composer/shopware/core@6.5.8%2B13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B13
1
url pkg:composer/shopware/core@6.5.8.2
purl pkg:composer/shopware/core@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-s7y9-5z3z-syec
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2
2
url pkg:composer/shopware/core@6.6.5.1
purl pkg:composer/shopware/core@6.6.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-sq4j-drbr-fub6
10
vulnerability VCID-stdp-p5h7-3kg3
11
vulnerability VCID-u41w-g79s-eyez
12
vulnerability VCID-ykq7-2fy3-b7e1
13
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5.1
3
url pkg:composer/shopware/core@6.6.5%2B1
purl pkg:composer/shopware/core@6.6.5%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.5%252B1
aliases CVE-2024-42354, GHSA-hhcq-ph6w-494g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfa4-81mz-qqd9
18
url VCID-s7y9-5z3z-syec
vulnerability_id VCID-s7y9-5z3z-syec
summary Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to `POST /store-api/account/logout`, the cart is cleared, but the user is not logged out. This affects only direct store-api usage, because the PHP Storefront additionally listens on `CustomerLogoutEvent` and invalidates the session. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31447
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.3744
published_at 2026-06-12T12:55:00Z
1
value 0.00164
scoring_system epss
scoring_elements 0.3745
published_at 2026-06-14T12:55:00Z
2
value 0.00164
scoring_system epss
scoring_elements 0.37262
published_at 2026-06-11T12:55:00Z
3
value 0.00164
scoring_system epss
scoring_elements 0.37463
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31447
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/commit/5cc84ddd817ad0c1d07f9b3c79ab346d50514a77
reference_id 5cc84ddd817ad0c1d07f9b3c79ab346d50514a77
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:22:21Z/
url https://github.com/shopware/shopware/commit/5cc84ddd817ad0c1d07f9b3c79ab346d50514a77
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31447
reference_id CVE-2024-31447
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31447
4
reference_url https://github.com/shopware/shopware/commit/d29775aa758f70d08e0c5999795c7c26d230e7d3
reference_id d29775aa758f70d08e0c5999795c7c26d230e7d3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:22:21Z/
url https://github.com/shopware/shopware/commit/d29775aa758f70d08e0c5999795c7c26d230e7d3
5
reference_url https://github.com/advisories/GHSA-5297-wrrp-rcj7
reference_id GHSA-5297-wrrp-rcj7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5297-wrrp-rcj7
6
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-5297-wrrp-rcj7
reference_id GHSA-5297-wrrp-rcj7
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:22:21Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-5297-wrrp-rcj7
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B8
purl pkg:composer/shopware/core@6.5.8%2B8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B8
1
url pkg:composer/shopware/core@6.6.0.0
purl pkg:composer/shopware/core@6.6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-h4gh-jepq-2ue8
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-parp-avvf-v3bu
10
vulnerability VCID-qhgp-qxed-7qbc
11
vulnerability VCID-rfa4-81mz-qqd9
12
vulnerability VCID-sjfg-863y-c3fp
13
vulnerability VCID-sq4j-drbr-fub6
14
vulnerability VCID-stdp-p5h7-3kg3
15
vulnerability VCID-u41w-g79s-eyez
16
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.0.0
2
url pkg:composer/shopware/core@6.6.1%2B0
purl pkg:composer/shopware/core@6.6.1%2B0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.1%252B0
3
url pkg:composer/shopware/core@6.6.10.12
purl pkg:composer/shopware/core@6.6.10.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-nhdh-f91b-kuex
7
vulnerability VCID-nzcj-wu6c-pfgw
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-sq4j-drbr-fub6
10
vulnerability VCID-stdp-p5h7-3kg3
11
vulnerability VCID-u41w-g79s-eyez
12
vulnerability VCID-ykq7-2fy3-b7e1
13
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.12
aliases CVE-2024-31447, GHSA-5297-wrrp-rcj7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s7y9-5z3z-syec
19
url VCID-sjfg-863y-c3fp
vulnerability_id VCID-sjfg-863y-c3fp
summary Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
2
reference_url https://github.com/advisories/GHSA-m895-2hj3-8cg9
reference_id GHSA-m895-2hj3-8cg9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m895-2hj3-8cg9
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-m895-2hj3-8cg9
reference_id GHSA-m895-2hj3-8cg9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-m895-2hj3-8cg9
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-m895-2hj3-8cg9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjfg-863y-c3fp
20
url VCID-sq4j-drbr-fub6
vulnerability_id VCID-sq4j-drbr-fub6
summary Shopware is an open commerce platform. It is possible to submit long passwords via Storefront forms or the Store-API, which leads to a denial of service. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30151
reference_id
reference_type
scores
0
value 0.00796
scoring_system epss
scoring_elements 0.74498
published_at 2026-06-13T12:55:00Z
1
value 0.00796
scoring_system epss
scoring_elements 0.74495
published_at 2026-06-14T12:55:00Z
2
value 0.00796
scoring_system epss
scoring_elements 0.74411
published_at 2026-06-11T12:55:00Z
3
value 0.00796
scoring_system epss
scoring_elements 0.74484
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30151
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30151
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30151
6
reference_url https://github.com/advisories/GHSA-cgfj-hj93-rmh2
reference_id GHSA-cgfj-hj93-rmh2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cgfj-hj93-rmh2
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2
reference_id GHSA-cgfj-hj93-rmh2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:47:17Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B17
purl pkg:composer/shopware/core@6.5.8%2B17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-stdp-p5h7-3kg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B17
1
url pkg:composer/shopware/core@6.5.8.2
purl pkg:composer/shopware/core@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-s7y9-5z3z-syec
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2
2
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
3
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
4
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
5
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases CVE-2025-30151, GHSA-cgfj-hj93-rmh2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sq4j-drbr-fub6
21
url VCID-stdp-p5h7-3kg3
vulnerability_id VCID-stdp-p5h7-3kg3
summary Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api, an attacker can check whether a specific e-mail address has an account in the shop. The store-api endpoint /store-api/account/recovery-password returns a response that clearly indicates when there is no account for the given customer, whereas it returns a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30150
reference_id
reference_type
scores
0
value 0.00619
scoring_system epss
scoring_elements 0.70601
published_at 2026-06-14T12:55:00Z
1
value 0.00619
scoring_system epss
scoring_elements 0.70604
published_at 2026-06-13T12:55:00Z
2
value 0.00808
scoring_system epss
scoring_elements 0.74708
published_at 2026-06-12T12:55:00Z
3
value 0.00808
scoring_system epss
scoring_elements 0.74636
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30150
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30150
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30150
6
reference_url https://github.com/advisories/GHSA-hh7j-6x3q-f52h
reference_id GHSA-hh7j-6x3q-f52h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hh7j-6x3q-f52h
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h
reference_id GHSA-hh7j-6x3q-f52h
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:45:06Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B18
purl pkg:composer/shopware/core@6.5.8%2B18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B18
1
url pkg:composer/shopware/core@6.5.8.2
purl pkg:composer/shopware/core@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-s7y9-5z3z-syec
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2
2
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
3
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
4
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
5
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases CVE-2025-30150, GHSA-hh7j-6x3q-f52h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stdp-p5h7-3kg3
22
url VCID-u41w-g79s-eyez
vulnerability_id VCID-u41w-g79s-eyez
summary Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27892
reference_id
reference_type
scores
0
value 0.01246
scoring_system epss
scoring_elements 0.79772
published_at 2026-06-12T12:55:00Z
1
value 0.01246
scoring_system epss
scoring_elements 0.79784
published_at 2026-06-14T12:55:00Z
2
value 0.01246
scoring_system epss
scoring_elements 0.7979
published_at 2026-06-13T12:55:00Z
3
value 0.01246
scoring_system epss
scoring_elements 0.79707
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27892
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27892
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27892
6
reference_url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001
7
reference_url https://github.com/advisories/GHSA-8g35-7rmw-7f59
reference_id GHSA-8g35-7rmw-7f59
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g35-7rmw-7f59
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59
reference_id GHSA-8g35-7rmw-7f59
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:51:41Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59
9
reference_url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
reference_id rt-sa-2025-001
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:51:41Z/
url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B18
purl pkg:composer/shopware/core@6.5.8%2B18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B18
1
url pkg:composer/shopware/core@6.5.8.2
purl pkg:composer/shopware/core@6.5.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-s7y9-5z3z-syec
8
vulnerability VCID-sjfg-863y-c3fp
9
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.2
2
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
3
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
4
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
5
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases CVE-2025-27892, GHSA-8g35-7rmw-7f59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u41w-g79s-eyez
23
url VCID-ujfm-g8ne-cqhx
vulnerability_id VCID-ujfm-g8ne-cqhx
summary Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable to SQL injection and can be exploited using time-based SQL queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22406
reference_id
reference_type
scores
0
value 0.00415
scoring_system epss
scoring_elements 0.62221
published_at 2026-06-14T12:55:00Z
1
value 0.00415
scoring_system epss
scoring_elements 0.62223
published_at 2026-06-13T12:55:00Z
2
value 0.00415
scoring_system epss
scoring_elements 0.6211
published_at 2026-06-11T12:55:00Z
3
value 0.00415
scoring_system epss
scoring_elements 0.62212
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22406
1
reference_url https://github.com/shopware/core/commit/e2256ec81e56f792623e90d89786d8a9fcad28bf
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/core/commit/e2256ec81e56f792623e90d89786d8a9fcad28bf
2
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
3
reference_url https://github.com/shopware/shopware/commit/5005213e609f5a4423fcfa92f105c3de8ab35100
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/5005213e609f5a4423fcfa92f105c3de8ab35100
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.7.4
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.7.4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22406
reference_id CVE-2024-22406
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22406
6
reference_url https://github.com/advisories/GHSA-qmp9-2xwj-m6m9
reference_id GHSA-qmp9-2xwj-m6m9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qmp9-2xwj-m6m9
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9
reference_id GHSA-qmp9-2xwj-m6m9
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:42:55Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9
fixed_packages
0
url pkg:composer/shopware/core@6.5.7%2B4
purl pkg:composer/shopware/core@6.5.7%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.7%252B4
1
url pkg:composer/shopware/core@6.5.7.4
purl pkg:composer/shopware/core@6.5.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-dqba-4hk6-eud2
6
vulnerability VCID-h4gh-jepq-2ue8
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-parp-avvf-v3bu
10
vulnerability VCID-qhgp-qxed-7qbc
11
vulnerability VCID-rfa4-81mz-qqd9
12
vulnerability VCID-s7y9-5z3z-syec
13
vulnerability VCID-sjfg-863y-c3fp
14
vulnerability VCID-sq4j-drbr-fub6
15
vulnerability VCID-stdp-p5h7-3kg3
16
vulnerability VCID-u41w-g79s-eyez
17
vulnerability VCID-ykq7-2fy3-b7e1
18
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.7.4
aliases CVE-2024-22406, GHSA-qmp9-2xwj-m6m9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujfm-g8ne-cqhx
24
url VCID-ykq7-2fy3-b7e1
vulnerability_id VCID-ykq7-2fy3-b7e1
summary Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double opt-in allow for mass unsolicited newsletter sign-ups without confirmation. The default settings are: "Newsletter: Double Opt-in" set to active, "Newsletter: Double opt-in for registered customers" set to disabled, and "Log-in & sign-up: Double opt-in on sign-up" set to disabled. With these settings, anyone can register an account on the shop using any e-mail address and then tick the check-box on the account page to sign up for the newsletter. The recipient will receive two e-mails confirming the registration and the newsletter sign-up; no confirmation link needs to be clicked for either. In the backend the recipient is set to “instantly active”. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32378
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.63782
published_at 2026-06-14T12:55:00Z
1
value 0.00441
scoring_system epss
scoring_elements 0.63668
published_at 2026-06-11T12:55:00Z
2
value 0.00441
scoring_system epss
scoring_elements 0.6377
published_at 2026-06-12T12:55:00Z
3
value 0.00441
scoring_system epss
scoring_elements 0.63783
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32378
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32378
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32378
3
reference_url https://github.com/advisories/GHSA-4h9w-7vfp-px8m
reference_id GHSA-4h9w-7vfp-px8m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4h9w-7vfp-px8m
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m
reference_id GHSA-4h9w-7vfp-px8m
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T17:32:57Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m
fixed_packages
0
url pkg:composer/shopware/core@6.5.8%2B17
purl pkg:composer/shopware/core@6.5.8%2B17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-stdp-p5h7-3kg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8%252B17
1
url pkg:composer/shopware/core@6.5.8.17
purl pkg:composer/shopware/core@6.5.8.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-a8xu-y9nr-9uag
4
vulnerability VCID-dqba-4hk6-eud2
5
vulnerability VCID-nhdh-f91b-kuex
6
vulnerability VCID-nzcj-wu6c-pfgw
7
vulnerability VCID-sjfg-863y-c3fp
8
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.5.8.17
2
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
3
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
4
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
5
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases CVE-2025-32378, GHSA-4h9w-7vfp-px8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykq7-2fy3-b7e1
25
url VCID-z266-zw44-13et
vulnerability_id VCID-z266-zw44-13et
summary Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users' accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Users unable to upgrade may remove the log module ACL rights from all users or disable logging.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22733
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.5378
published_at 2026-06-11T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53909
published_at 2026-06-14T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53905
published_at 2026-06-12T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.53922
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22733
1
reference_url https://github.com/shopware/platform
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/platform
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22733
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22733
3
reference_url https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07
reference_id 407a83063d7141c1a626441799c3ebef79498c07
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/
url https://github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07
4
reference_url https://github.com/advisories/GHSA-7cp7-jfp6-jh4f
reference_id GHSA-7cp7-jfp6-jh4f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cp7-jfp6-jh4f
5
reference_url https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f
reference_id GHSA-7cp7-jfp6-jh4f
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/
url https://github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f
6
reference_url https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging
reference_id performance-tweaks#logging
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/
url https://developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging
7
reference_url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
reference_id security-update-01-2023?category=security-updates
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:45Z/
url https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
fixed_packages
0
url pkg:composer/shopware/core@6.4.18.1
purl pkg:composer/shopware/core@6.4.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-637f-zxjb-8ufn
3
vulnerability VCID-6tys-6s4d-fqcm
4
vulnerability VCID-a8xu-y9nr-9uag
5
vulnerability VCID-d284-ecsh-ebhw
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-g4mm-3wn7-z3dr
8
vulnerability VCID-h4gh-jepq-2ue8
9
vulnerability VCID-nhdh-f91b-kuex
10
vulnerability VCID-nzcj-wu6c-pfgw
11
vulnerability VCID-parp-avvf-v3bu
12
vulnerability VCID-qhgp-qxed-7qbc
13
vulnerability VCID-rfa4-81mz-qqd9
14
vulnerability VCID-s7y9-5z3z-syec
15
vulnerability VCID-sjfg-863y-c3fp
16
vulnerability VCID-sq4j-drbr-fub6
17
vulnerability VCID-stdp-p5h7-3kg3
18
vulnerability VCID-u41w-g79s-eyez
19
vulnerability VCID-ujfm-g8ne-cqhx
20
vulnerability VCID-ykq7-2fy3-b7e1
21
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18.1
1
url pkg:composer/shopware/core@6.4.18%2B1
purl pkg:composer/shopware/core@6.4.18%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.18%252B1
aliases CVE-2023-22733, GHSA-7cp7-jfp6-jh4f
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z266-zw44-13et
26
url VCID-zhxv-e8fu-tucd
vulnerability_id VCID-zhxv-e8fu-tucd
summary Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31887
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16072
published_at 2026-06-12T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.1605
published_at 2026-06-14T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15931
published_at 2026-06-11T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16084
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31887
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31887
reference_id CVE-2026-31887
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31887
3
reference_url https://github.com/advisories/GHSA-7vvp-j573-5584
reference_id GHSA-7vvp-j573-5584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7vvp-j573-5584
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584
reference_id GHSA-7vvp-j573-5584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:07Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B15
purl pkg:composer/shopware/core@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15
1
url pkg:composer/shopware/core@6.6.10.15
purl pkg:composer/shopware/core@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15
2
url pkg:composer/shopware/core@6.7.8%2B1
purl pkg:composer/shopware/core@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1
3
url pkg:composer/shopware/core@6.7.8.1
purl pkg:composer/shopware/core@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1
aliases CVE-2026-31887, GHSA-7vvp-j573-5584
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhxv-e8fu-tucd
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.4.17.1