Lookup for vulnerable packages by Package URL.

Purlpkg:composer/shopware/core@6.6.8.2
Typecomposer
Namespaceshopware
Namecore
Version6.6.8.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.6.10.15
Latest_non_vulnerable_version6.7.8.1
Affected_by_vulnerabilities
0
url VCID-43zt-wnjy-rudk
vulnerability_id VCID-43zt-wnjy-rudk
summary Shopware vulnerable to path traversal via Plugin upload
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
2
reference_url https://github.com/advisories/GHSA-6wh5-mw9h-5c3w
reference_id GHSA-6wh5-mw9h-5c3w
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6wh5-mw9h-5c3w
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w
reference_id GHSA-6wh5-mw9h-5c3w
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-6wh5-mw9h-5c3w
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-6wh5-mw9h-5c3w
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43zt-wnjy-rudk
1
url VCID-5b7t-vavj-efae
vulnerability_id VCID-5b7t-vavj-efae
summary Shopware Customer Orders can be canceled, even if refunds are disabled
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/b157508aef2c820e7ff89ebd5848d3019f22b592
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/b157508aef2c820e7ff89ebd5848d3019f22b592
2
reference_url https://github.com/advisories/GHSA-r2vg-hvjm-fg38
reference_id GHSA-r2vg-hvjm-fg38
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r2vg-hvjm-fg38
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-r2vg-hvjm-fg38
reference_id GHSA-r2vg-hvjm-fg38
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-r2vg-hvjm-fg38
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-r2vg-hvjm-fg38
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5b7t-vavj-efae
2
url VCID-637f-zxjb-8ufn
vulnerability_id VCID-637f-zxjb-8ufn
summary Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The "not found" response also echoes the probed email address. This allows an unauthenticated attacker to enumerate valid customer accounts. The storefront login controller correctly unifies both error paths, but the Store API does not — indicating an inconsistent defense. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31888
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17474
published_at 2026-06-11T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17628
published_at 2026-06-14T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17654
published_at 2026-06-13T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17636
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31888
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31888
reference_id CVE-2026-31888
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31888
3
reference_url https://github.com/advisories/GHSA-gqc5-xv7m-gcjq
reference_id GHSA-gqc5-xv7m-gcjq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqc5-xv7m-gcjq
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq
reference_id GHSA-gqc5-xv7m-gcjq
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:39Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B15
purl pkg:composer/shopware/core@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15
1
url pkg:composer/shopware/core@6.6.10.15
purl pkg:composer/shopware/core@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15
2
url pkg:composer/shopware/core@6.7.8%2B1
purl pkg:composer/shopware/core@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1
3
url pkg:composer/shopware/core@6.7.8.1
purl pkg:composer/shopware/core@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1
aliases CVE-2026-31888, GHSA-gqc5-xv7m-gcjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-637f-zxjb-8ufn
3
url VCID-6tys-6s4d-fqcm
vulnerability_id VCID-6tys-6s4d-fqcm
summary
Shopware Broken ACL on Document retrieval to access other customers' documents
### Impact
It's possible to guess the deepLinkCode of a document and thereby open documents belonging to other customers.

### Patches
Update to Shopware 6.6.10.3 or 6.5.8.17

### Workarounds
For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q
5
reference_url https://github.com/advisories/GHSA-68wv-g3fw-pq7q
reference_id GHSA-68wv-g3fw-pq7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68wv-g3fw-pq7q
fixed_packages
0
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
1
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
2
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
3
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases GHSA-68wv-g3fw-pq7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tys-6s4d-fqcm
4
url VCID-a8xu-y9nr-9uag
vulnerability_id VCID-a8xu-y9nr-9uag
summary Shopware 6's password recovery link does not expire after email change
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/1338dd9a11e361639704bf8f09b6878552eb8c13
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/1338dd9a11e361639704bf8f09b6878552eb8c13
2
reference_url https://github.com/shopware/shopware/commit/2fb94855696a90045b81c503d216ba7df8e64e52
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/2fb94855696a90045b81c503d216ba7df8e64e52
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.9
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.9
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0
5
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.4.1
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.4.1
6
reference_url https://github.com/advisories/GHSA-2w46-vq8h-98vh
reference_id GHSA-2w46-vq8h-98vh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2w46-vq8h-98vh
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-2w46-vq8h-98vh
reference_id GHSA-2w46-vq8h-98vh
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-2w46-vq8h-98vh
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B9
purl pkg:composer/shopware/core@6.6.10%2B9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B9
1
url pkg:composer/shopware/core@6.6.10.9
purl pkg:composer/shopware/core@6.6.10.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.9
2
url pkg:composer/shopware/core@6.7.4%2B1
purl pkg:composer/shopware/core@6.7.4%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.4%252B1
3
url pkg:composer/shopware/core@6.7.4.1
purl pkg:composer/shopware/core@6.7.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-dqba-4hk6-eud2
3
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.4.1
aliases GHSA-2w46-vq8h-98vh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8xu-y9nr-9uag
5
url VCID-dqba-4hk6-eud2
vulnerability_id VCID-dqba-4hk6-eud2
summary Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based authentication without sufficiently binding a shop installation to its original domain. During re‑registration, the shop-url could be updated without proving control over the previously registered shop or domain. This made targeted hijacking of app communication feasible if an attacker possessed the relevant app‑side secret. By abusing app re‑registration, an attacker could redirect app traffic to an attacker‑controlled domain and potentially obtain API credentials intended for the legitimate shop. This vulnerability is fixed in 6.6.10.15 and 6.7.8.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31889
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26177
published_at 2026-06-11T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26375
published_at 2026-06-14T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.2639
published_at 2026-06-13T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.26378
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31889
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31889
reference_id CVE-2026-31889
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31889
3
reference_url https://github.com/advisories/GHSA-c4p7-rwrg-pf6p
reference_id GHSA-c4p7-rwrg-pf6p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4p7-rwrg-pf6p
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p
reference_id GHSA-c4p7-rwrg-pf6p
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:04:03Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B15
purl pkg:composer/shopware/core@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15
1
url pkg:composer/shopware/core@6.6.10.15
purl pkg:composer/shopware/core@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15
2
url pkg:composer/shopware/core@6.7.8%2B1
purl pkg:composer/shopware/core@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1
3
url pkg:composer/shopware/core@6.7.8.1
purl pkg:composer/shopware/core@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1
aliases CVE-2026-31889, GHSA-c4p7-rwrg-pf6p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqba-4hk6-eud2
6
url VCID-nhdh-f91b-kuex
vulnerability_id VCID-nhdh-f91b-kuex
summary Shopware exposes sensitive user information via CSV export mapping
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/c2c98050aff7b90fe7232f6dac9b6b7143183083
2
reference_url https://github.com/advisories/GHSA-27c9-vp3w-6ww8
reference_id GHSA-27c9-vp3w-6ww8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27c9-vp3w-6ww8
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8
reference_id GHSA-27c9-vp3w-6ww8
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-27c9-vp3w-6ww8
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-27c9-vp3w-6ww8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhdh-f91b-kuex
7
url VCID-nzcj-wu6c-pfgw
vulnerability_id VCID-nzcj-wu6c-pfgw
summary Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/f32737b34798d4800b81c67efee17905380d2be4
2
reference_url https://github.com/advisories/GHSA-3cpp-fv95-mpr5
reference_id GHSA-3cpp-fv95-mpr5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cpp-fv95-mpr5
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5
reference_id GHSA-3cpp-fv95-mpr5
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-3cpp-fv95-mpr5
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-3cpp-fv95-mpr5
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcj-wu6c-pfgw
8
url VCID-sjfg-863y-c3fp
vulnerability_id VCID-sjfg-863y-c3fp
summary Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually
references
0
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
1
reference_url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/commit/0965b35a527756faab2cec5a4ff172d79b0f99be
2
reference_url https://github.com/advisories/GHSA-m895-2hj3-8cg9
reference_id GHSA-m895-2hj3-8cg9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m895-2hj3-8cg9
3
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-m895-2hj3-8cg9
reference_id GHSA-m895-2hj3-8cg9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/security/advisories/GHSA-m895-2hj3-8cg9
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B7
purl pkg:composer/shopware/core@6.6.10%2B7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B7
1
url pkg:composer/shopware/core@6.6.10.7
purl pkg:composer/shopware/core@6.6.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xu-y9nr-9uag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.7
2
url pkg:composer/shopware/core@6.7.3%2B1
purl pkg:composer/shopware/core@6.7.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3%252B1
3
url pkg:composer/shopware/core@6.7.3.1
purl pkg:composer/shopware/core@6.7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nnv-aqdx-x3gr
1
vulnerability VCID-637f-zxjb-8ufn
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-dqba-4hk6-eud2
4
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.3.1
aliases GHSA-m895-2hj3-8cg9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjfg-863y-c3fp
9
url VCID-sq4j-drbr-fub6
vulnerability_id VCID-sq4j-drbr-fub6
summary Shopware is an open commerce platform. It's possible to submit very long passwords through Storefront forms or the Store-API, which leads to Denial of Service. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30151
reference_id
reference_type
scores
0
value 0.00796
scoring_system epss
scoring_elements 0.74498
published_at 2026-06-13T12:55:00Z
1
value 0.00796
scoring_system epss
scoring_elements 0.74495
published_at 2026-06-14T12:55:00Z
2
value 0.00796
scoring_system epss
scoring_elements 0.74411
published_at 2026-06-11T12:55:00Z
3
value 0.00796
scoring_system epss
scoring_elements 0.74484
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30151
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30151
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30151
6
reference_url https://github.com/advisories/GHSA-cgfj-hj93-rmh2
reference_id GHSA-cgfj-hj93-rmh2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cgfj-hj93-rmh2
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2
reference_id GHSA-cgfj-hj93-rmh2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:47:17Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2
fixed_packages
0
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
1
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
2
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
3
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases CVE-2025-30151, GHSA-cgfj-hj93-rmh2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sq4j-drbr-fub6
10
url VCID-stdp-p5h7-3kg3
vulnerability_id VCID-stdp-p5h7-3kg3
summary Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api, an attacker can check whether a specific e-mail address has an account in the shop. The store-api endpoint /store-api/account/recovery-password returns a response that clearly indicates when there is no account for this customer, whereas it returns a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30150
reference_id
reference_type
scores
0
value 0.00619
scoring_system epss
scoring_elements 0.70601
published_at 2026-06-14T12:55:00Z
1
value 0.00619
scoring_system epss
scoring_elements 0.70604
published_at 2026-06-13T12:55:00Z
2
value 0.00808
scoring_system epss
scoring_elements 0.74708
published_at 2026-06-12T12:55:00Z
3
value 0.00808
scoring_system epss
scoring_elements 0.74636
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30150
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30150
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30150
6
reference_url https://github.com/advisories/GHSA-hh7j-6x3q-f52h
reference_id GHSA-hh7j-6x3q-f52h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hh7j-6x3q-f52h
7
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h
reference_id GHSA-hh7j-6x3q-f52h
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T18:45:06Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-hh7j-6x3q-f52h
fixed_packages
0
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
1
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
2
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
3
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases CVE-2025-30150, GHSA-hh7j-6x3q-f52h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stdp-p5h7-3kg3
11
url VCID-u41w-g79s-eyez
vulnerability_id VCID-u41w-g79s-eyez
summary Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27892
reference_id
reference_type
scores
0
value 0.01246
scoring_system epss
scoring_elements 0.79772
published_at 2026-06-12T12:55:00Z
1
value 0.01246
scoring_system epss
scoring_elements 0.79784
published_at 2026-06-14T12:55:00Z
2
value 0.01246
scoring_system epss
scoring_elements 0.7979
published_at 2026-06-13T12:55:00Z
3
value 0.01246
scoring_system epss
scoring_elements 0.79707
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27892
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.5.8.17
3
reference_url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.6.10.3
4
reference_url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27892
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27892
6
reference_url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001
7
reference_url https://github.com/advisories/GHSA-8g35-7rmw-7f59
reference_id GHSA-8g35-7rmw-7f59
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g35-7rmw-7f59
8
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59
reference_id GHSA-8g35-7rmw-7f59
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:51:41Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59
9
reference_url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
reference_id rt-sa-2025-001
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-16T14:51:41Z/
url https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
fixed_packages
0
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
1
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
2
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
3
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases CVE-2025-27892, GHSA-8g35-7rmw-7f59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u41w-g79s-eyez
12
url VCID-ykq7-2fy3-b7e1
vulnerability_id VCID-ykq7-2fy3-b7e1
summary Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double opt-in allow mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered customers set to disabled, and Log-in & sign-up: Double opt-in on sign-up set to disabled. With these settings, anyone can register an account on the shop using any e-mail address and then tick the check box on the account page to sign up for the newsletter. The recipient will receive two e-mails confirming the registration and the newsletter sign-up; no confirmation link needs to be clicked for either. In the backend the recipient is set to “instantly active”. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32378
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.63782
published_at 2026-06-14T12:55:00Z
1
value 0.00441
scoring_system epss
scoring_elements 0.63668
published_at 2026-06-11T12:55:00Z
2
value 0.00441
scoring_system epss
scoring_elements 0.6377
published_at 2026-06-12T12:55:00Z
3
value 0.00441
scoring_system epss
scoring_elements 0.63783
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32378
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32378
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32378
3
reference_url https://github.com/advisories/GHSA-4h9w-7vfp-px8m
reference_id GHSA-4h9w-7vfp-px8m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4h9w-7vfp-px8m
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m
reference_id GHSA-4h9w-7vfp-px8m
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T17:32:57Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m
fixed_packages
0
url pkg:composer/shopware/core@6.6.10.3
purl pkg:composer/shopware/core@6.6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-5b7t-vavj-efae
2
vulnerability VCID-a8xu-y9nr-9uag
3
vulnerability VCID-nhdh-f91b-kuex
4
vulnerability VCID-nzcj-wu6c-pfgw
5
vulnerability VCID-sjfg-863y-c3fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.3
1
url pkg:composer/shopware/core@6.6.10%2B3
purl pkg:composer/shopware/core@6.6.10%2B3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B3
2
url pkg:composer/shopware/core@6.7.0%2B0-rc2
purl pkg:composer/shopware/core@6.7.0%2B0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0%252B0-rc2
3
url pkg:composer/shopware/core@6.7.0.0-rc2
purl pkg:composer/shopware/core@6.7.0.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-43zt-wnjy-rudk
1
vulnerability VCID-4nnv-aqdx-x3gr
2
vulnerability VCID-5b7t-vavj-efae
3
vulnerability VCID-637f-zxjb-8ufn
4
vulnerability VCID-9men-n7d5-63ct
5
vulnerability VCID-a8xu-y9nr-9uag
6
vulnerability VCID-dqba-4hk6-eud2
7
vulnerability VCID-nhdh-f91b-kuex
8
vulnerability VCID-nzcj-wu6c-pfgw
9
vulnerability VCID-sjfg-863y-c3fp
10
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.0.0-rc2
aliases CVE-2025-32378, GHSA-4h9w-7vfp-px8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykq7-2fy3-b7e1
13
url VCID-zhxv-e8fu-tucd
vulnerability_id VCID-zhxv-e8fu-tucd
summary Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31887
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16072
published_at 2026-06-12T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.1605
published_at 2026-06-14T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15931
published_at 2026-06-11T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16084
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31887
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31887
reference_id CVE-2026-31887
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31887
3
reference_url https://github.com/advisories/GHSA-7vvp-j573-5584
reference_id GHSA-7vvp-j573-5584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7vvp-j573-5584
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584
reference_id GHSA-7vvp-j573-5584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:07Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584
fixed_packages
0
url pkg:composer/shopware/core@6.6.10%2B15
purl pkg:composer/shopware/core@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10%252B15
1
url pkg:composer/shopware/core@6.6.10.15
purl pkg:composer/shopware/core@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.10.15
2
url pkg:composer/shopware/core@6.7.8%2B1
purl pkg:composer/shopware/core@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8%252B1
3
url pkg:composer/shopware/core@6.7.8.1
purl pkg:composer/shopware/core@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.7.8.1
aliases CVE-2026-31887, GHSA-7vvp-j573-5584
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhxv-e8fu-tucd
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/core@6.6.8.2