Search for packages
| purl | pkg:composer/shopware/shopware@5.5.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6cb3-b3qq-juap
Aliases: CVE-2019-12799 GHSA-rf8f-hqjv-986p |
Deserialization of Untrusted Data In `createInstanceFromNamedArguments` in Shopware, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-c3rs-ndfu-c3bq | Cross-site Scripting Shopware has XSS via the Query String to the `backend/Login` or `backend/Login/load/` URI. |
CVE-2019-12935
GHSA-8qxh-hcr9-2379 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T11:26:49.878236+00:00 | GithubOSV Importer | Fixing | VCID-c3rs-ndfu-c3bq | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8qxh-hcr9-2379/GHSA-8qxh-hcr9-2379.json | 38.6.0 |
| 2026-05-31T09:57:29.510893+00:00 | GitLab Importer | Affected by | VCID-6cb3-b3qq-juap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2019-12799.yml | 38.6.0 |
| 2026-05-31T00:58:47.203966+00:00 | GHSA Importer | Fixing | VCID-c3rs-ndfu-c3bq | https://github.com/advisories/GHSA-8qxh-hcr9-2379 | 38.6.0 |
| 2026-05-30T20:55:15.218054+00:00 | GitLab Importer | Fixing | VCID-c3rs-ndfu-c3bq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/shopware/CVE-2019-12935.yml | 38.6.0 |