Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/magento/community-edition@2.4.4-p3

Type composer

Namespace magento

Name community-edition

Version 2.4.4-p3

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.4.4-p4

Latest_non_vulnerable_version 2.4.9-alpha3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2gjv-y49y-4yh7

vulnerability_id VCID-2gjv-y49y-4yh7

summary

Magento Open Source allows Improper Access Control
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22250

reference_id

reference_type

scores

value	0.00436
scoring_system	epss
scoring_elements	0.63289
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22250

reference_url

https://github.com/magento/magento2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2

reference_url

https://helpx.adobe.com/security/products/magento/apsb23-17.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:21Z/

url

https://helpx.adobe.com/security/products/magento/apsb23-17.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22250

reference_id

CVE-2023-22250

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22250

reference_url

https://github.com/advisories/GHSA-4h7p-4vq8-g2gh

reference_id

GHSA-4h7p-4vq8-g2gh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4h7p-4vq8-g2gh

fixed_packages

url	pkg:composer/magento/community-edition@2.4.4-p3
purl	pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3

url	pkg:composer/magento/community-edition@2.4.5-p2
purl	pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2

aliases CVE-2023-22250, GHSA-4h7p-4vq8-g2gh

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gjv-y49y-4yh7

url VCID-wv9y-3kyz-hbgq

vulnerability_id VCID-wv9y-3kyz-hbgq

summary

Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22251

reference_id

reference_type

scores

value	0.00199
scoring_system	epss
scoring_elements	0.41868
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22251

reference_url

https://github.com/magento/magento2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2

reference_url

https://helpx.adobe.com/security/products/magento/apsb23-17.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:47Z/

url

https://helpx.adobe.com/security/products/magento/apsb23-17.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22251

reference_id

CVE-2023-22251

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22251

reference_url

https://github.com/advisories/GHSA-2wm7-mmgc-qxr3

reference_id

GHSA-2wm7-mmgc-qxr3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2wm7-mmgc-qxr3

fixed_packages

url	pkg:composer/magento/community-edition@2.4.4-p3
purl	pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3

url	pkg:composer/magento/community-edition@2.4.5-p2
purl	pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2

aliases CVE-2023-22251, GHSA-2wm7-mmgc-qxr3

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wv9y-3kyz-hbgq

url VCID-zndr-m4hp-gue2

vulnerability_id VCID-zndr-m4hp-gue2

summary

Magento Open Source allows XML Injection
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22247

reference_id

reference_type

scores

value	0.04774
scoring_system	epss
scoring_elements	0.89628
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22247

reference_url

https://github.com/magento/magento2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2

reference_url

https://helpx.adobe.com/security/products/magento/apsb23-17.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:24Z/

url

https://helpx.adobe.com/security/products/magento/apsb23-17.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22247

reference_id

CVE-2023-22247

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22247

reference_url

https://github.com/advisories/GHSA-2444-8gj8-6fmx

reference_id

GHSA-2444-8gj8-6fmx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2444-8gj8-6fmx

fixed_packages

url	pkg:composer/magento/community-edition@2.4.4-p3
purl	pkg:composer/magento/community-edition@2.4.4-p3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3

url	pkg:composer/magento/community-edition@2.4.5-p2
purl	pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2

aliases CVE-2023-22247, GHSA-2444-8gj8-6fmx

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zndr-m4hp-gue2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p3

Package Instance