Lookup for vulnerable packages by Package URL.

Purl pkg:composer/magento/community-edition@2.4.4-p1
Type composer
Namespace magento
Name community-edition
Version 2.4.4-p1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.4.4-p10
Latest_non_vulnerable_version 2.4.9-alpha3
Affected_by_vulnerabilities
0
url VCID-16x4-fjuv-hbc4
vulnerability_id VCID-16x4-fjuv-hbc4
summary
Magento Open Source allows Cross-Site Request Forgery (CSRF)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20718
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30601
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20718
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-03.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-29T17:27:46Z/
url https://helpx.adobe.com/security/products/magento/apsb24-03.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20718
reference_id CVE-2024-20718
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20718
4
reference_url https://github.com/advisories/GHSA-hqgj-4396-hmxv
reference_id GHSA-hqgj-4396-hmxv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hqgj-4396-hmxv
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p7
purl pkg:composer/magento/community-edition@2.4.4-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p7
1
url pkg:composer/magento/community-edition@2.4.5-p6
purl pkg:composer/magento/community-edition@2.4.5-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6
2
url pkg:composer/magento/community-edition@2.4.6-p4
purl pkg:composer/magento/community-edition@2.4.6-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4
aliases CVE-2024-20718, GHSA-hqgj-4396-hmxv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-16x4-fjuv-hbc4
1
url VCID-1wxk-rhfp-qqgp
vulnerability_id VCID-1wxk-rhfp-qqgp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39401
reference_id
reference_type
scores
0
value 0.0264
scoring_system epss
scoring_elements 0.85973
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39401
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:32Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39401
reference_id CVE-2024-39401
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39401
4
reference_url https://github.com/advisories/GHSA-8frp-pxq2-3gpq
reference_id GHSA-8frp-pxq2-3gpq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8frp-pxq2-3gpq
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39401, GHSA-8frp-pxq2-3gpq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1wxk-rhfp-qqgp
2
url VCID-1xvu-3fjk-t7ay
vulnerability_id VCID-1xvu-3fjk-t7ay
summary
Magento Open Source allows Improper Neutralization of Special Elements Used
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29297
reference_id
reference_type
scores
0
value 0.08749
scoring_system epss
scoring_elements 0.92636
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29297
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T18:37:01Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29297
reference_id CVE-2023-29297
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29297
4
reference_url https://github.com/advisories/GHSA-gfmm-ww6f-5mm5
reference_id GHSA-gfmm-ww6f-5mm5
reference_type
scores
url https://github.com/advisories/GHSA-gfmm-ww6f-5mm5
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29297, GHSA-gfmm-ww6f-5mm5
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xvu-3fjk-t7ay
3
url VCID-1yr5-8e84-cyf5
vulnerability_id VCID-1yr5-8e84-cyf5
summary
Magento Open Source allows Improper Neutralization of Special Elements Used
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38208
reference_id
reference_type
scores
0
value 0.03849
scoring_system epss
scoring_elements 0.88393
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38208
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-42.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:53:29Z/
url https://helpx.adobe.com/security/products/magento/apsb23-42.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38208
reference_id CVE-2023-38208
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38208
4
reference_url https://github.com/advisories/GHSA-mxc9-g6m4-2v35
reference_id GHSA-mxc9-g6m4-2v35
reference_type
scores
url https://github.com/advisories/GHSA-mxc9-g6m4-2v35
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p5
purl pkg:composer/magento/community-edition@2.4.4-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p5
1
url pkg:composer/magento/community-edition@2.4.5-p4
purl pkg:composer/magento/community-edition@2.4.5-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4
2
url pkg:composer/magento/community-edition@2.4.6-p2
purl pkg:composer/magento/community-edition@2.4.6-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2
aliases CVE-2023-38208, GHSA-mxc9-g6m4-2v35
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1yr5-8e84-cyf5
4
url VCID-2gjv-y49y-4yh7
vulnerability_id VCID-2gjv-y49y-4yh7
summary
Magento Open Source allows Improper Access Control
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22250
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63289
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22250
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-17.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:21Z/
url https://helpx.adobe.com/security/products/magento/apsb23-17.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22250
reference_id CVE-2023-22250
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22250
4
reference_url https://github.com/advisories/GHSA-4h7p-4vq8-g2gh
reference_id GHSA-4h7p-4vq8-g2gh
reference_type
scores
url https://github.com/advisories/GHSA-4h7p-4vq8-g2gh
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p3
purl pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3
1
url pkg:composer/magento/community-edition@2.4.5-p2
purl pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2
aliases CVE-2023-22250, GHSA-4h7p-4vq8-g2gh
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gjv-y49y-4yh7
5
url VCID-389t-bp5k-yqbw
vulnerability_id VCID-389t-bp5k-yqbw
summary
Magento Open Source allows XML Injection
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29289
reference_id
reference_type
scores
0
value 0.00357
scoring_system epss
scoring_elements 0.58242
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29289
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:23Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29289
reference_id CVE-2023-29289
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29289
4
reference_url https://github.com/advisories/GHSA-wh42-8r2w-873x
reference_id GHSA-wh42-8r2w-873x
reference_type
scores
url https://github.com/advisories/GHSA-wh42-8r2w-873x
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29289, GHSA-wh42-8r2w-873x
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-389t-bp5k-yqbw
6
url VCID-3d83-1r55-uqfb
vulnerability_id VCID-3d83-1r55-uqfb
summary
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38209
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40529
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38209
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-42.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:38Z/
url https://helpx.adobe.com/security/products/magento/apsb23-42.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38209
reference_id CVE-2023-38209
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38209
4
reference_url https://github.com/advisories/GHSA-3vg2-v639-6ch9
reference_id GHSA-3vg2-v639-6ch9
reference_type
scores
url https://github.com/advisories/GHSA-3vg2-v639-6ch9
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p5
purl pkg:composer/magento/community-edition@2.4.4-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p5
1
url pkg:composer/magento/community-edition@2.4.5-p4
purl pkg:composer/magento/community-edition@2.4.5-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4
2
url pkg:composer/magento/community-edition@2.4.6-p2
purl pkg:composer/magento/community-edition@2.4.6-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2
aliases CVE-2023-38209, GHSA-3vg2-v639-6ch9
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3d83-1r55-uqfb
7
url VCID-3tpy-wktb-wqdj
vulnerability_id VCID-3tpy-wktb-wqdj
summary
Magento Open Source allows Server-Side Request Forgery (SSRF)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26366
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.58093
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26366
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 5.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 5.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:13Z/
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26366
reference_id CVE-2023-26366
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 5.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26366
4
reference_url https://github.com/advisories/GHSA-8jxc-5f94-22vh
reference_id GHSA-8jxc-5f94-22vh
reference_type
scores
url https://github.com/advisories/GHSA-8jxc-5f94-22vh
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-26366, GHSA-8jxc-5f94-22vh
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tpy-wktb-wqdj
8
url VCID-4rga-e18t-myh6
vulnerability_id VCID-4rga-e18t-myh6
summary
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29288
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.37058
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29288
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:27Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29288
reference_id CVE-2023-29288
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29288
4
reference_url https://github.com/advisories/GHSA-f989-3fp9-q3r2
reference_id GHSA-f989-3fp9-q3r2
reference_type
scores
url https://github.com/advisories/GHSA-f989-3fp9-q3r2
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29288, GHSA-f989-3fp9-q3r2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rga-e18t-myh6
9
url VCID-5bn1-w5sa-ubft
vulnerability_id VCID-5bn1-w5sa-ubft
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39413
reference_id
reference_type
scores
0
value 0.00306
scoring_system epss
scoring_elements 0.54108
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39413
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:47Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39413
reference_id CVE-2024-39413
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39413
4
reference_url https://github.com/advisories/GHSA-8w5f-8992-g86j
reference_id GHSA-8w5f-8992-g86j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w5f-8992-g86j
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39413, GHSA-8w5f-8992-g86j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bn1-w5sa-ubft
10
url VCID-6gue-nxx5-u3h6
vulnerability_id VCID-6gue-nxx5-u3h6
summary
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29295
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30666
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29295
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:06Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29295
reference_id CVE-2023-29295
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29295
4
reference_url https://github.com/advisories/GHSA-354h-fpmq-68v7
reference_id GHSA-354h-fpmq-68v7
reference_type
scores
url https://github.com/advisories/GHSA-354h-fpmq-68v7
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29295, GHSA-354h-fpmq-68v7
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gue-nxx5-u3h6
11
url VCID-8wm3-xqbd-zqf5
vulnerability_id VCID-8wm3-xqbd-zqf5
summary
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29290
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.34763
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29290
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:03Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29290
reference_id CVE-2023-29290
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29290
4
reference_url https://github.com/advisories/GHSA-qw5m-vmp3-f553
reference_id GHSA-qw5m-vmp3-f553
reference_type
scores
url https://github.com/advisories/GHSA-qw5m-vmp3-f553
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29290, GHSA-qw5m-vmp3-f553
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wm3-xqbd-zqf5
12
url VCID-94sc-9fyk-2uay
vulnerability_id VCID-94sc-9fyk-2uay
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39402
reference_id
reference_type
scores
0
value 0.0264
scoring_system epss
scoring_elements 0.85973
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39402
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:09Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39402
reference_id CVE-2024-39402
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39402
4
reference_url https://github.com/advisories/GHSA-2ff6-837j-hg5x
reference_id GHSA-2ff6-837j-hg5x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ff6-837j-hg5x
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39402, GHSA-2ff6-837j-hg5x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94sc-9fyk-2uay
13
url VCID-9u6k-hbxd-8bds
vulnerability_id VCID-9u6k-hbxd-8bds
summary
Magento Open Source has Business Logic Errors Vulnerability
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29294
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41646
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29294
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:09Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29294
reference_id CVE-2023-29294
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29294
4
reference_url https://github.com/advisories/GHSA-28vp-39rf-3q2j
reference_id GHSA-28vp-39rf-3q2j
reference_type
scores
url https://github.com/advisories/GHSA-28vp-39rf-3q2j
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29294, GHSA-28vp-39rf-3q2j
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u6k-hbxd-8bds
14
url VCID-9v4c-gauv-wyh2
vulnerability_id VCID-9v4c-gauv-wyh2
summary
Magento Open Source allows Server-Side Request Forgery (SSRF)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29292
reference_id
reference_type
scores
0
value 0.00469
scoring_system epss
scoring_elements 0.64866
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29292
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:16Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29292
reference_id CVE-2023-29292
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29292
4
reference_url https://github.com/advisories/GHSA-4588-7x48-jrgj
reference_id GHSA-4588-7x48-jrgj
reference_type
scores
url https://github.com/advisories/GHSA-4588-7x48-jrgj
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29292, GHSA-4588-7x48-jrgj
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v4c-gauv-wyh2
15
url VCID-a2mn-k8qn-j7c9
vulnerability_id VCID-a2mn-k8qn-j7c9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39400
reference_id
reference_type
scores
0
value 0.01472
scoring_system epss
scoring_elements 0.81253
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39400
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:38Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39400
reference_id CVE-2024-39400
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39400
4
reference_url https://github.com/advisories/GHSA-52fg-wjxm-pp44
reference_id GHSA-52fg-wjxm-pp44
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52fg-wjxm-pp44
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39400, GHSA-52fg-wjxm-pp44
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2mn-k8qn-j7c9
16
url VCID-b6wy-nzzg-k3em
vulnerability_id VCID-b6wy-nzzg-k3em
summary
Magento Open Source affected by Improper Input Validation
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22248
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37862
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22248
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:10Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22248
reference_id CVE-2023-22248
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22248
4
reference_url https://github.com/advisories/GHSA-5jfg-phx7-7fxg
reference_id GHSA-5jfg-phx7-7fxg
reference_type
scores
url https://github.com/advisories/GHSA-5jfg-phx7-7fxg
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
2
url pkg:composer/magento/community-edition@2.4.5-p4
purl pkg:composer/magento/community-edition@2.4.5-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4
aliases CVE-2023-22248, GHSA-5jfg-phx7-7fxg
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6wy-nzzg-k3em
17
url VCID-bm3p-s43s-uuce
vulnerability_id VCID-bm3p-s43s-uuce
summary
Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38219
reference_id
reference_type
scores
0
value 0.0152
scoring_system epss
scoring_elements 0.81552
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38219
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:34Z/
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38219
reference_id CVE-2023-38219
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38219
4
reference_url https://github.com/advisories/GHSA-3j7w-jp46-9752
reference_id GHSA-3j7w-jp46-9752
reference_type
scores
url https://github.com/advisories/GHSA-3j7w-jp46-9752
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-38219, GHSA-3j7w-jp46-9752
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bm3p-s43s-uuce
18
url VCID-c7rf-4ky3-tyev
vulnerability_id VCID-c7rf-4ky3-tyev
summary
Magento Open Source allows Uncontrolled Resource Consumption
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20716
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.50174
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20716
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-03.html
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-18T00:20:23Z/
url https://helpx.adobe.com/security/products/magento/apsb24-03.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20716
reference_id CVE-2024-20716
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20716
4
reference_url https://github.com/advisories/GHSA-c9h9-h5gf-885r
reference_id GHSA-c9h9-h5gf-885r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c9h9-h5gf-885r
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p7
purl pkg:composer/magento/community-edition@2.4.4-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p7
1
url pkg:composer/magento/community-edition@2.4.5-p6
purl pkg:composer/magento/community-edition@2.4.5-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6
2
url pkg:composer/magento/community-edition@2.4.6-p4
purl pkg:composer/magento/community-edition@2.4.6-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4
aliases CVE-2024-20716, GHSA-c9h9-h5gf-885r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7rf-4ky3-tyev
19
url VCID-ca94-mqq1-jyaz
vulnerability_id VCID-ca94-mqq1-jyaz
summary
Magento Open Source allows OS Command Injection
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20720
reference_id
reference_type
scores
0
value 0.07195
scoring_system epss
scoring_elements 0.91722
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20720
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-03.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-11T17:46:31Z/
url https://helpx.adobe.com/security/products/magento/apsb24-03.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20720
reference_id CVE-2024-20720
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20720
4
reference_url https://github.com/advisories/GHSA-525f-pvj5-vqmq
reference_id GHSA-525f-pvj5-vqmq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-525f-pvj5-vqmq
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p7
purl pkg:composer/magento/community-edition@2.4.4-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p7
1
url pkg:composer/magento/community-edition@2.4.5-p6
purl pkg:composer/magento/community-edition@2.4.5-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6
2
url pkg:composer/magento/community-edition@2.4.6-p4
purl pkg:composer/magento/community-edition@2.4.6-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4
aliases CVE-2024-20720, GHSA-525f-pvj5-vqmq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ca94-mqq1-jyaz
20
url VCID-ctr3-kt63-hybf
vulnerability_id VCID-ctr3-kt63-hybf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39404
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.4775
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39404
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:52Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39404
reference_id CVE-2024-39404
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39404
4
reference_url https://github.com/advisories/GHSA-qrh3-vxjg-h9h6
reference_id GHSA-qrh3-vxjg-h9h6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrh3-vxjg-h9h6
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39404, GHSA-qrh3-vxjg-h9h6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctr3-kt63-hybf
21
url VCID-de3q-b1v4-bybu
vulnerability_id VCID-de3q-b1v4-bybu
summary
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29296
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30666
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29296
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:03Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29296
reference_id CVE-2023-29296
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29296
4
reference_url https://github.com/advisories/GHSA-3qr4-w96f-672v
reference_id GHSA-3qr4-w96f-672v
reference_type
scores
url https://github.com/advisories/GHSA-3qr4-w96f-672v
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29296, GHSA-3qr4-w96f-672v
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de3q-b1v4-bybu
22
url VCID-enwr-t7r8-xyge
vulnerability_id VCID-enwr-t7r8-xyge
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39398
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.46972
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39398
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:17Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39398
reference_id CVE-2024-39398
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39398
4
reference_url https://github.com/advisories/GHSA-q628-54wg-4r5q
reference_id GHSA-q628-54wg-4r5q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q628-54wg-4r5q
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39398, GHSA-q628-54wg-4r5q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enwr-t7r8-xyge
23
url VCID-eu82-bgnu-rue2
vulnerability_id VCID-eu82-bgnu-rue2
summary
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38218
reference_id
reference_type
scores
0
value 0.00692
scoring_system epss
scoring_elements 0.72167
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38218
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38218
reference_id CVE-2023-38218
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38218
4
reference_url https://github.com/advisories/GHSA-rpc7-gf58-v3x2
reference_id GHSA-rpc7-gf58-v3x2
reference_type
scores
url https://github.com/advisories/GHSA-rpc7-gf58-v3x2
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-38218, GHSA-rpc7-gf58-v3x2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eu82-bgnu-rue2
24
url VCID-euam-6b48-suhg
vulnerability_id VCID-euam-6b48-suhg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39407
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.4775
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39407
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:04Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39407
reference_id CVE-2024-39407
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39407
4
reference_url https://github.com/advisories/GHSA-cjm6-8mw8-2f8c
reference_id GHSA-cjm6-8mw8-2f8c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjm6-8mw8-2f8c
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39407, GHSA-cjm6-8mw8-2f8c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-euam-6b48-suhg
25
url VCID-gkb3-ddu2-qyg6
vulnerability_id VCID-gkb3-ddu2-qyg6
summary
Magento Open Source allows Uncontrolled Resource Consumption
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Uncontrolled Resource Consumption vulnerability that could lead to a minor application denial-of-service. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38251
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46059
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38251
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:04Z/
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38251
reference_id CVE-2023-38251
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38251
4
reference_url https://github.com/advisories/GHSA-7pfc-834q-h497
reference_id GHSA-7pfc-834q-h497
reference_type
scores
url https://github.com/advisories/GHSA-7pfc-834q-h497
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-38251, GHSA-7pfc-834q-h497
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkb3-ddu2-qyg6
26
url VCID-hcbc-9c78-yye6
vulnerability_id VCID-hcbc-9c78-yye6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39405
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.46269
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39405
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:21Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39405
reference_id CVE-2024-39405
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39405
4
reference_url https://github.com/advisories/GHSA-5g9f-7gqc-8hj4
reference_id GHSA-5g9f-7gqc-8hj4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5g9f-7gqc-8hj4
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39405, GHSA-5g9f-7gqc-8hj4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcbc-9c78-yye6
27
url VCID-hwb9-yxzn-zub5
vulnerability_id VCID-hwb9-yxzn-zub5
summary
Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20759
reference_id
reference_type
scores
0
value 0.01627
scoring_system epss
scoring_elements 0.82182
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20759
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-18.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:07Z/
url https://helpx.adobe.com/security/products/magento/apsb24-18.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20759
reference_id CVE-2024-20759
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20759
4
reference_url https://github.com/advisories/GHSA-59vf-hjxc-f9c5
reference_id GHSA-59vf-hjxc-f9c5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59vf-hjxc-f9c5
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p8
purl pkg:composer/magento/community-edition@2.4.4-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8
1
url pkg:composer/magento/community-edition@2.4.5-p7
purl pkg:composer/magento/community-edition@2.4.5-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7
2
url pkg:composer/magento/community-edition@2.4.6-p5
purl pkg:composer/magento/community-edition@2.4.6-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5
3
url pkg:composer/magento/community-edition@2.4.7
purl pkg:composer/magento/community-edition@2.4.7
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7
aliases CVE-2024-20759, GHSA-59vf-hjxc-f9c5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwb9-yxzn-zub5
28
url VCID-jede-wz7z-2ugt
vulnerability_id VCID-jede-wz7z-2ugt
summary
Magento Open Source has Improper Input Validation Vulnerability
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26367
reference_id
reference_type
scores
0
value 0.00363
scoring_system epss
scoring_elements 0.58651
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26367
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:12Z/
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26367
reference_id CVE-2023-26367
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26367
4
reference_url https://github.com/advisories/GHSA-9mx6-4gg4-85xj
reference_id GHSA-9mx6-4gg4-85xj
reference_type
scores
url https://github.com/advisories/GHSA-9mx6-4gg4-85xj
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-26367, GHSA-9mx6-4gg4-85xj
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jede-wz7z-2ugt
29
url VCID-jew7-2yd7-8ffp
vulnerability_id VCID-jew7-2yd7-8ffp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35689
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65739
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35689
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb22-48.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:05:52Z/
url https://helpx.adobe.com/security/products/magento/apsb22-48.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35689
reference_id CVE-2022-35689
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35689
4
reference_url https://github.com/advisories/GHSA-5fxx-jwjm-x9hj
reference_id GHSA-5fxx-jwjm-x9hj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fxx-jwjm-x9hj
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p2
purl pkg:composer/magento/community-edition@2.4.4-p2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-umy7-aq5d-vfhj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p2
aliases CVE-2022-35689, GHSA-5fxx-jwjm-x9hj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jew7-2yd7-8ffp
30
url VCID-jg5k-6vqh-57ey
vulnerability_id VCID-jg5k-6vqh-57ey
summary
Magento Open Source allows SQL Injection
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38249
reference_id
reference_type
scores
0
value 0.01841
scoring_system epss
scoring_elements 0.83283
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38249
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:36Z/
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38249
reference_id CVE-2023-38249
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38249
4
reference_url https://github.com/advisories/GHSA-rq36-9f5f-2gw7
reference_id GHSA-rq36-9f5f-2gw7
reference_type
scores
url https://github.com/advisories/GHSA-rq36-9f5f-2gw7
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-38249, GHSA-rq36-9f5f-2gw7
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jg5k-6vqh-57ey
31
url VCID-kj9m-ccf8-gyep
vulnerability_id VCID-kj9m-ccf8-gyep
summary
Magento Open Source allows Information Exposure
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29287
reference_id
reference_type
scores
0
value 0.00308
scoring_system epss
scoring_elements 0.54233
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29287
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:07Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29287
reference_id CVE-2023-29287
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29287
4
reference_url https://github.com/advisories/GHSA-85m4-g9vq-xpxj
reference_id GHSA-85m4-g9vq-xpxj
reference_type
scores
url https://github.com/advisories/GHSA-85m4-g9vq-xpxj
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29287, GHSA-85m4-g9vq-xpxj
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kj9m-ccf8-gyep
32
url VCID-mgnu-rgqb-h7cw
vulnerability_id VCID-mgnu-rgqb-h7cw
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35698
reference_id
reference_type
scores
0
value 0.02186
scoring_system epss
scoring_elements 0.8465
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35698
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb22-48.html
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:07:24Z/
url https://helpx.adobe.com/security/products/magento/apsb22-48.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35698
reference_id CVE-2022-35698
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35698
4
reference_url https://github.com/advisories/GHSA-4vj2-426r-jm3g
reference_id GHSA-4vj2-426r-jm3g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vj2-426r-jm3g
fixed_packages
aliases CVE-2022-35698, GHSA-4vj2-426r-jm3g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mgnu-rgqb-h7cw
33
url VCID-ntcr-n7fp-j3ab
vulnerability_id VCID-ntcr-n7fp-j3ab
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39399
reference_id
reference_type
scores
0
value 0.00842
scoring_system epss
scoring_elements 0.75054
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39399
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T14:09:03Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39399
reference_id CVE-2024-39399
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39399
4
reference_url https://github.com/advisories/GHSA-7r99-8wqp-h7pc
reference_id GHSA-7r99-8wqp-h7pc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7r99-8wqp-h7pc
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39399, GHSA-7r99-8wqp-h7pc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntcr-n7fp-j3ab
34
url VCID-pqpk-dh2p-4yc8
vulnerability_id VCID-pqpk-dh2p-4yc8
summary
Magento Open Source allows Improper Input Validation
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20758
reference_id
reference_type
scores
0
value 0.02201
scoring_system epss
scoring_elements 0.84703
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20758
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-18.html
reference_id
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:06Z/
url https://helpx.adobe.com/security/products/magento/apsb24-18.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20758
reference_id CVE-2024-20758
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20758
4
reference_url https://github.com/advisories/GHSA-wh4m-6rh3-p4rq
reference_id GHSA-wh4m-6rh3-p4rq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wh4m-6rh3-p4rq
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p8
purl pkg:composer/magento/community-edition@2.4.4-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8
1
url pkg:composer/magento/community-edition@2.4.5-p7
purl pkg:composer/magento/community-edition@2.4.5-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7
2
url pkg:composer/magento/community-edition@2.4.6-p5
purl pkg:composer/magento/community-edition@2.4.6-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5
3
url pkg:composer/magento/community-edition@2.4.7
purl pkg:composer/magento/community-edition@2.4.7
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7
aliases CVE-2024-20758, GHSA-wh4m-6rh3-p4rq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqpk-dh2p-4yc8
35
url VCID-qxz4-rh86-cfcu
vulnerability_id VCID-qxz4-rh86-cfcu
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39418
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56023
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39418
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:28Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39418
reference_id CVE-2024-39418
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39418
4
reference_url https://github.com/advisories/GHSA-gvgf-pvh5-vjh4
reference_id GHSA-gvgf-pvh5-vjh4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvgf-pvh5-vjh4
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39418, GHSA-gvgf-pvh5-vjh4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxz4-rh86-cfcu
36
url VCID-rmqf-8w57-uydk
vulnerability_id VCID-rmqf-8w57-uydk
summary
Magento Open Source allows XML Injection
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an XML Injection (aka Blind XPath Injection) vulnerability that could lead to minor arbitrary file system read. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38207
reference_id
reference_type
scores
0
value 0.01136
scoring_system epss
scoring_elements 0.78689
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38207
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-42.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:21Z/
url https://helpx.adobe.com/security/products/magento/apsb23-42.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38207
reference_id CVE-2023-38207
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38207
4
reference_url https://github.com/advisories/GHSA-rpv2-g4pc-wp72
reference_id GHSA-rpv2-g4pc-wp72
reference_type
scores
url https://github.com/advisories/GHSA-rpv2-g4pc-wp72
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p5
purl pkg:composer/magento/community-edition@2.4.4-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p5
1
url pkg:composer/magento/community-edition@2.4.5-p4
purl pkg:composer/magento/community-edition@2.4.5-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4
2
url pkg:composer/magento/community-edition@2.4.6-p2
purl pkg:composer/magento/community-edition@2.4.6-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2
aliases CVE-2023-38207, GHSA-rpv2-g4pc-wp72
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmqf-8w57-uydk
37
url VCID-u3gt-rhgh-p7ax
vulnerability_id VCID-u3gt-rhgh-p7ax
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39403
reference_id
reference_type
scores
0
value 0.02812
scoring_system epss
scoring_elements 0.86389
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39403
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-61.html
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:14Z/
url https://helpx.adobe.com/security/products/magento/apsb24-61.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39403
reference_id CVE-2024-39403
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39403
4
reference_url https://github.com/advisories/GHSA-mmp7-8cg4-9wrg
reference_id GHSA-mmp7-8cg4-9wrg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmp7-8cg4-9wrg
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p10
purl pkg:composer/magento/community-edition@2.4.4-p10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p10
1
url pkg:composer/magento/community-edition@2.4.5-p9
purl pkg:composer/magento/community-edition@2.4.5-p9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9
2
url pkg:composer/magento/community-edition@2.4.6-p7
purl pkg:composer/magento/community-edition@2.4.6-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7
3
url pkg:composer/magento/community-edition@2.4.7-p2
purl pkg:composer/magento/community-edition@2.4.7-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2
aliases CVE-2024-39403, GHSA-mmp7-8cg4-9wrg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3gt-rhgh-p7ax
38
url VCID-ub5g-fuqv-xqej
vulnerability_id VCID-ub5g-fuqv-xqej
summary
Magento Open Source affected by Improper Input Validation
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29293
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14203
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29293
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:13Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29293
reference_id CVE-2023-29293
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29293
4
reference_url https://github.com/advisories/GHSA-66c9-xrwj-9xv6
reference_id GHSA-66c9-xrwj-9xv6
reference_type
scores
url https://github.com/advisories/GHSA-66c9-xrwj-9xv6
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29293, GHSA-66c9-xrwj-9xv6
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ub5g-fuqv-xqej
39
url VCID-ueg1-1xj3-aqcq
vulnerability_id VCID-ueg1-1xj3-aqcq
summary
Magento Open Source allows SQL Injection
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38221
reference_id
reference_type
scores
0
value 0.01841
scoring_system epss
scoring_elements 0.83283
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38221
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:37Z/
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38221
reference_id CVE-2023-38221
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38221
4
reference_url https://github.com/advisories/GHSA-ggr8-3hwx-4f2m
reference_id GHSA-ggr8-3hwx-4f2m
reference_type
scores
url https://github.com/advisories/GHSA-ggr8-3hwx-4f2m
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-38221, GHSA-ggr8-3hwx-4f2m
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ueg1-1xj3-aqcq
40
url VCID-umy7-aq5d-vfhj
vulnerability_id VCID-umy7-aq5d-vfhj
summary
Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22249
reference_id
reference_type
scores
0
value 0.05206
scoring_system epss
scoring_elements 0.90079
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22249
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-17.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:51Z/
url https://helpx.adobe.com/security/products/magento/apsb23-17.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22249
reference_id CVE-2023-22249
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22249
4
reference_url https://github.com/advisories/GHSA-fxcr-gvcw-hmqm
reference_id GHSA-fxcr-gvcw-hmqm
reference_type
scores
url https://github.com/advisories/GHSA-fxcr-gvcw-hmqm
fixed_packages
aliases CVE-2023-22249, GHSA-fxcr-gvcw-hmqm
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umy7-aq5d-vfhj
41
url VCID-vt4j-zfwn-m3cd
vulnerability_id VCID-vt4j-zfwn-m3cd
summary
Magento Open Source allows Improper Authorization
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead to a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38220
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.35687
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38220
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:06Z/
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38220
reference_id CVE-2023-38220
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38220
4
reference_url https://github.com/advisories/GHSA-grc6-r6f8-xj7c
reference_id GHSA-grc6-r6f8-xj7c
reference_type
scores
url https://github.com/advisories/GHSA-grc6-r6f8-xj7c
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-38220, GHSA-grc6-r6f8-xj7c
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vt4j-zfwn-m3cd
42
url VCID-whzv-vgev-rqd4
vulnerability_id VCID-whzv-vgev-rqd4
summary
Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, which could be leveraged to gain admin access.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20719
reference_id
reference_type
scores
0
value 0.01149
scoring_system epss
scoring_elements 0.78796
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20719
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-03.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T05:00:29Z/
url https://helpx.adobe.com/security/products/magento/apsb24-03.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20719
reference_id CVE-2024-20719
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20719
4
reference_url https://github.com/advisories/GHSA-264g-f7v8-q5qq
reference_id GHSA-264g-f7v8-q5qq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-264g-f7v8-q5qq
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p7
purl pkg:composer/magento/community-edition@2.4.4-p7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p7
1
url pkg:composer/magento/community-edition@2.4.5-p6
purl pkg:composer/magento/community-edition@2.4.5-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6
2
url pkg:composer/magento/community-edition@2.4.6-p4
purl pkg:composer/magento/community-edition@2.4.6-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4
aliases CVE-2024-20719, GHSA-264g-f7v8-q5qq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whzv-vgev-rqd4
43
url VCID-wv9y-3kyz-hbgq
vulnerability_id VCID-wv9y-3kyz-hbgq
summary
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22251
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41868
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22251
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-17.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:47Z/
url https://helpx.adobe.com/security/products/magento/apsb23-17.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22251
reference_id CVE-2023-22251
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22251
4
reference_url https://github.com/advisories/GHSA-2wm7-mmgc-qxr3
reference_id GHSA-2wm7-mmgc-qxr3
reference_type
scores
url https://github.com/advisories/GHSA-2wm7-mmgc-qxr3
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p3
purl pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3
1
url pkg:composer/magento/community-edition@2.4.5-p2
purl pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2
aliases CVE-2023-22251, GHSA-2wm7-mmgc-qxr3
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wv9y-3kyz-hbgq
44
url VCID-xhej-jypg-7fah
vulnerability_id VCID-xhej-jypg-7fah
summary
Magento Open Source allows Server-Side Request Forgery (SSRF)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29291
reference_id
reference_type
scores
0
value 0.00566
scoring_system epss
scoring_elements 0.68792
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29291
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:20Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29291
reference_id CVE-2023-29291
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29291
4
reference_url https://github.com/advisories/GHSA-5f79-vhr4-vw2r
reference_id GHSA-5f79-vhr4-vw2r
reference_type
scores
url https://github.com/advisories/GHSA-5f79-vhr4-vw2r
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29291, GHSA-5f79-vhr4-vw2r
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhej-jypg-7fah
45
url VCID-ypqs-5ju2-hkcz
vulnerability_id VCID-ypqs-5ju2-hkcz
summary
Magento Open Source allows SQL Injection
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38250
reference_id
reference_type
scores
0
value 0.01841
scoring_system epss
scoring_elements 0.83283
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38250
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-50.html
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:35Z/
url https://helpx.adobe.com/security/products/magento/apsb23-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38250
reference_id CVE-2023-38250
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38250
4
reference_url https://github.com/advisories/GHSA-h3g9-cwr6-hphx
reference_id GHSA-h3g9-cwr6-hphx
reference_type
scores
url https://github.com/advisories/GHSA-h3g9-cwr6-hphx
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p6
purl pkg:composer/magento/community-edition@2.4.4-p6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p6
1
url pkg:composer/magento/community-edition@2.4.5-p5
purl pkg:composer/magento/community-edition@2.4.5-p5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5
2
url pkg:composer/magento/community-edition@2.4.6-p3
purl pkg:composer/magento/community-edition@2.4.6-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3
3
url pkg:composer/magento/community-edition@2.4.7-beta2
purl pkg:composer/magento/community-edition@2.4.7-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2
aliases CVE-2023-38250, GHSA-h3g9-cwr6-hphx
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypqs-5ju2-hkcz
46
url VCID-zndr-m4hp-gue2
vulnerability_id VCID-zndr-m4hp-gue2
summary
Magento Open Source allows XML Injection
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22247
reference_id
reference_type
scores
0
value 0.04774
scoring_system epss
scoring_elements 0.89628
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22247
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-17.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:24Z/
url https://helpx.adobe.com/security/products/magento/apsb23-17.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22247
reference_id CVE-2023-22247
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22247
4
reference_url https://github.com/advisories/GHSA-2444-8gj8-6fmx
reference_id GHSA-2444-8gj8-6fmx
reference_type
scores
url https://github.com/advisories/GHSA-2444-8gj8-6fmx
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p3
purl pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3
1
url pkg:composer/magento/community-edition@2.4.5-p2
purl pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2
aliases CVE-2023-22247, GHSA-2444-8gj8-6fmx
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zndr-m4hp-gue2
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p1