Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/shopware/shopware@5.1.0
purl pkg:composer/shopware/shopware@5.1.0
Next non-vulnerable version 5.6.1
Latest non-vulnerable version 5.7.18
Risk 3.1
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-6cb3-b3qq-juap
Aliases:
CVE-2019-12799
GHSA-rf8f-hqjv-986p
Deserialization of Untrusted Data In `createInstanceFromNamedArguments` in Shopware, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution.
5.6.1
Affected by 0 other vulnerabilities.
VCID-bq87-fjfh-m7fx
Aliases:
CVE-2016-3109
GHSA-cj2f-96jq-phpp
Remote Code Execution Vulnerability Under certain conditions it is possible to execute unauthorized code in Shopware.
5.1.5
Affected by 10 other vulnerabilities.
VCID-c3rs-ndfu-c3bq
Aliases:
CVE-2019-12935
GHSA-8qxh-hcr9-2379
Cross-site Scripting Shopware has XSS via the Query String to the `backend/Login` or `backend/Login/load/` URI.
5.5.8
Affected by 1 other vulnerability.
VCID-cdn9-dp2r-fyfg
Aliases:
GMS-2017-341
Code Injection Remote Code Execution Vulnerability in shopware.
5.2.15
Affected by 12 other vulnerabilities.
VCID-ecce-958d-k3fx
Aliases:
CVE-2017-15374
GHSA-mvrx-cmqw-2jgj
Cross-site Scripting Shopware is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend.
5.3.4
Affected by 4 other vulnerabilities.
VCID-gn89-e5je-ybeb
Aliases:
GMS-2017-135
Remote Code Execution Vulnerability Under certain circumstances, it’s possible to execute an authorized foreign code in Shopware.
5.2.25
Affected by 7 other vulnerabilities.
VCID-k6td-39bu-dqa8
Aliases:
GMS-2017-342
Code Injection Remote Code Execution Vulnerability in shopware.
5.2.16
Affected by 9 other vulnerabilities.
VCID-mu45-9nhk-f7a5
Aliases:
CVE-2017-18357
GHSA-6m27-7cqj-2mxw
Externally Controlled Reference to a Resource in Another Sphere Shopware has a PHP Object Instantiation issue via the `sort` parameter to the `loadPreviewAction()` method of the `Shopware_Controllers_Backend_ProductStream` controller, with resultant XXE via instantiation of a `SimpleXMLElement` object.
5.3.4
Affected by 4 other vulnerabilities.
VCID-vzv3-795x-gfhd
Aliases:
CVE-2018-20713
GHSA-42gv-77f4-r3j9
Shopware allows SQL Injection by remote authenticated users.
5.4.3
Affected by 2 other vulnerabilities.
VCID-wh8d-hm8t-vkfm
Aliases:
GMS-2017-343
Code Injection Remote Code Execution Vulnerability in shopware.
5.2.25
Affected by 7 other vulnerabilities.
VCID-ztq4-mw67-d3g4
Aliases:
GMS-2017-106
Remote Code Execution Vulnerability Under certain circumstances, it’s possible to execute an unauthorized foreign code in Shopware.
5.2.16
Affected by 9 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T09:57:38.558242+00:00 GitLab Importer Affected by VCID-c3rs-ndfu-c3bq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2019-12935.yml 38.6.0
2026-05-31T09:57:29.357762+00:00 GitLab Importer Affected by VCID-6cb3-b3qq-juap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2019-12799.yml 38.6.0
2026-05-31T09:53:03.555225+00:00 GitLab Importer Affected by VCID-vzv3-795x-gfhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2018-20713.yml 38.6.0
2026-05-31T09:53:02.884671+00:00 GitLab Importer Affected by VCID-mu45-9nhk-f7a5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2017-18357.yml 38.6.0
2026-05-31T09:41:04.915157+00:00 GitLab Importer Affected by VCID-ecce-958d-k3fx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2017-15374.yml 38.6.0
2026-05-31T09:38:47.415432+00:00 GitLab Importer Affected by VCID-wh8d-hm8t-vkfm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/GMS-2017-343.yml 38.6.0
2026-05-31T09:38:41.592540+00:00 GitLab Importer Affected by VCID-gn89-e5je-ybeb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/GMS-2017-135.yml 38.6.0
2026-05-31T09:38:18.974829+00:00 GitLab Importer Affected by VCID-bq87-fjfh-m7fx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2016-3109.yml 38.6.0
2026-05-31T09:37:46.325775+00:00 GitLab Importer Affected by VCID-k6td-39bu-dqa8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/GMS-2017-342.yml 38.6.0
2026-05-31T09:37:45.774658+00:00 GitLab Importer Affected by VCID-ztq4-mw67-d3g4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/GMS-2017-106.yml 38.6.0
2026-05-31T09:37:41.202288+00:00 GitLab Importer Affected by VCID-cdn9-dp2r-fyfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/GMS-2017-341.yml 38.6.0