Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/magento/community-edition@2.4.4-p4
Typecomposer
Namespacemagento
Namecommunity-edition
Version2.4.4-p4
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.4.4-p5
Latest_non_vulnerable_version2.4.9-alpha3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1xvu-3fjk-t7ay
vulnerability_id VCID-1xvu-3fjk-t7ay
summary 
Magento Open Source allows Improper Neutralization of Special Elements Used
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29297
reference_id
reference_type
scores
0
value 0.08749
scoring_system epss
scoring_elements 0.92636
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29297
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T18:37:01Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29297
reference_id CVE-2023-29297
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29297
4
reference_url https://github.com/advisories/GHSA-gfmm-ww6f-5mm5
reference_id GHSA-gfmm-ww6f-5mm5
reference_type
scores
url https://github.com/advisories/GHSA-gfmm-ww6f-5mm5
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29297, GHSA-gfmm-ww6f-5mm5
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xvu-3fjk-t7ay
1
url VCID-389t-bp5k-yqbw
vulnerability_id VCID-389t-bp5k-yqbw
summary 
Magento Open Source allows XML Injection
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29289
reference_id
reference_type
scores
0
value 0.00357
scoring_system epss
scoring_elements 0.58242
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29289
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:23Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29289
reference_id CVE-2023-29289
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29289
4
reference_url https://github.com/advisories/GHSA-wh42-8r2w-873x
reference_id GHSA-wh42-8r2w-873x
reference_type
scores
url https://github.com/advisories/GHSA-wh42-8r2w-873x
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29289, GHSA-wh42-8r2w-873x
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-389t-bp5k-yqbw
2
url VCID-4rga-e18t-myh6
vulnerability_id VCID-4rga-e18t-myh6
summary 
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29288
reference_id
reference_type
scores
0
value 0.00164
scoring_system epss
scoring_elements 0.37058
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29288
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:27Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29288
reference_id CVE-2023-29288
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29288
4
reference_url https://github.com/advisories/GHSA-f989-3fp9-q3r2
reference_id GHSA-f989-3fp9-q3r2
reference_type
scores
url https://github.com/advisories/GHSA-f989-3fp9-q3r2
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29288, GHSA-f989-3fp9-q3r2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rga-e18t-myh6
3
url VCID-6gue-nxx5-u3h6
vulnerability_id VCID-6gue-nxx5-u3h6
summary 
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29295
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30666
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29295
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:06Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29295
reference_id CVE-2023-29295
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29295
4
reference_url https://github.com/advisories/GHSA-354h-fpmq-68v7
reference_id GHSA-354h-fpmq-68v7
reference_type
scores
url https://github.com/advisories/GHSA-354h-fpmq-68v7
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29295, GHSA-354h-fpmq-68v7
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gue-nxx5-u3h6
4
url VCID-8wm3-xqbd-zqf5
vulnerability_id VCID-8wm3-xqbd-zqf5
summary 
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29290
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.34763
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29290
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:03Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29290
reference_id CVE-2023-29290
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29290
4
reference_url https://github.com/advisories/GHSA-qw5m-vmp3-f553
reference_id GHSA-qw5m-vmp3-f553
reference_type
scores
url https://github.com/advisories/GHSA-qw5m-vmp3-f553
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29290, GHSA-qw5m-vmp3-f553
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wm3-xqbd-zqf5
5
url VCID-9u6k-hbxd-8bds
vulnerability_id VCID-9u6k-hbxd-8bds
summary 
Magento Open Source has Business Logic Errors Vulnerability
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29294
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41646
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29294
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:09Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29294
reference_id CVE-2023-29294
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29294
4
reference_url https://github.com/advisories/GHSA-28vp-39rf-3q2j
reference_id GHSA-28vp-39rf-3q2j
reference_type
scores
url https://github.com/advisories/GHSA-28vp-39rf-3q2j
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29294, GHSA-28vp-39rf-3q2j
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u6k-hbxd-8bds
6
url VCID-9v4c-gauv-wyh2
vulnerability_id VCID-9v4c-gauv-wyh2
summary 
Magento Open Source allows Server-Side Request Forgery (SSRF)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29292
reference_id
reference_type
scores
0
value 0.00469
scoring_system epss
scoring_elements 0.64866
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29292
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:16Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29292
reference_id CVE-2023-29292
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29292
4
reference_url https://github.com/advisories/GHSA-4588-7x48-jrgj
reference_id GHSA-4588-7x48-jrgj
reference_type
scores
url https://github.com/advisories/GHSA-4588-7x48-jrgj
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29292, GHSA-4588-7x48-jrgj
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v4c-gauv-wyh2
7
url VCID-b6wy-nzzg-k3em
vulnerability_id VCID-b6wy-nzzg-k3em
summary 
Magento Open Source affected by Improper Input Validation
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22248
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37862
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22248
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:10Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22248
reference_id CVE-2023-22248
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22248
4
reference_url https://github.com/advisories/GHSA-5jfg-phx7-7fxg
reference_id GHSA-5jfg-phx7-7fxg
reference_type
scores
url https://github.com/advisories/GHSA-5jfg-phx7-7fxg
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
2
url pkg:composer/magento/community-edition@2.4.5-p4
purl pkg:composer/magento/community-edition@2.4.5-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4
aliases CVE-2023-22248, GHSA-5jfg-phx7-7fxg
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6wy-nzzg-k3em
8
url VCID-de3q-b1v4-bybu
vulnerability_id VCID-de3q-b1v4-bybu
summary 
Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29296
reference_id
reference_type
scores
0
value 0.0012
scoring_system epss
scoring_elements 0.30666
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29296
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:03Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29296
reference_id CVE-2023-29296
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29296
4
reference_url https://github.com/advisories/GHSA-3qr4-w96f-672v
reference_id GHSA-3qr4-w96f-672v
reference_type
scores
url https://github.com/advisories/GHSA-3qr4-w96f-672v
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29296, GHSA-3qr4-w96f-672v
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de3q-b1v4-bybu
9
url VCID-kj9m-ccf8-gyep
vulnerability_id VCID-kj9m-ccf8-gyep
summary 
Magento Open Source allows Information Exposure
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29287
reference_id
reference_type
scores
0
value 0.00308
scoring_system epss
scoring_elements 0.54233
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29287
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:07Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29287
reference_id CVE-2023-29287
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29287
4
reference_url https://github.com/advisories/GHSA-85m4-g9vq-xpxj
reference_id GHSA-85m4-g9vq-xpxj
reference_type
scores
url https://github.com/advisories/GHSA-85m4-g9vq-xpxj
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29287, GHSA-85m4-g9vq-xpxj
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kj9m-ccf8-gyep
10
url VCID-ub5g-fuqv-xqej
vulnerability_id VCID-ub5g-fuqv-xqej
summary 
Magento Open Source affected by Improper Input Validation
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29293
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14203
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29293
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:13Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29293
reference_id CVE-2023-29293
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29293
4
reference_url https://github.com/advisories/GHSA-66c9-xrwj-9xv6
reference_id GHSA-66c9-xrwj-9xv6
reference_type
scores
url https://github.com/advisories/GHSA-66c9-xrwj-9xv6
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29293, GHSA-66c9-xrwj-9xv6
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ub5g-fuqv-xqej
11
url VCID-xhej-jypg-7fah
vulnerability_id VCID-xhej-jypg-7fah
summary 
Magento Open Source allows Server-Side Request Forgery (SSRF)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29291
reference_id
reference_type
scores
0
value 0.00566
scoring_system epss
scoring_elements 0.68792
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29291
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb23-35.html
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:20Z/
url https://helpx.adobe.com/security/products/magento/apsb23-35.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29291
reference_id CVE-2023-29291
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29291
4
reference_url https://github.com/advisories/GHSA-5f79-vhr4-vw2r
reference_id GHSA-5f79-vhr4-vw2r
reference_type
scores
url https://github.com/advisories/GHSA-5f79-vhr4-vw2r
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p4
purl pkg:composer/magento/community-edition@2.4.4-p4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4
1
url pkg:composer/magento/community-edition@2.4.5-p3
purl pkg:composer/magento/community-edition@2.4.5-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3
aliases CVE-2023-29291, GHSA-5f79-vhr4-vw2r
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhej-jypg-7fah
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p4