{"url":"http://public2.vulnerablecode.io/api/packages/63234?format=json","purl":"pkg:composer/magento/community-edition@2.4.4","type":"composer","namespace":"magento","name":"community-edition","version":"2.4.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.5-p10","latest_non_vulnerable_version":"2.4.9-alpha3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264115?format=json","vulnerability_id":"VCID-11ed-qtc7-bqbg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45121","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24863","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45121"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45121","reference_id":"CVE-2024-45121","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45121"},{"reference_url":"https://github.com/advisories/GHSA-2qhq-fw98-h6wg","reference_id":"GHSA-2qhq-fw98-h6wg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qhq-fw98-h6wg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45121","GHSA-2qhq-fw98-h6wg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11ed-qtc7-bqbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19432?format=json","vulnerability_id":"VCID-16x4-fjuv-hbc4","summary":"Magento Open Source allows Cross-Site Request Forgery (CSRF)\nAdobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20718","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30601","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20718"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20718","reference_id":"CVE-2024-20718","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20718"},{"reference_url":"https://github.com/advisories/GHSA-hqgj-4396-hmxv","reference_id":"GHSA-hqgj-4396-hmxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqgj-4396-hmxv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67777?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/67776?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4"}],"aliases":["CVE-2024-20718","GHSA-hqgj-4396-hmxv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16x4-fjuv-hbc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264126?format=json","vulnerability_id":"VCID-17xq-rhcp-z3hj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45133","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28765","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45133"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45133","reference_id":"CVE-2024-45133","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45133"},{"reference_url":"https://github.com/advisories/GHSA-j3mh-wx5f-2vhg","reference_id":"GHSA-j3mh-wx5f-2vhg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3mh-wx5f-2vhg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45133","GHSA-j3mh-wx5f-2vhg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17xq-rhcp-z3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259379?format=json","vulnerability_id":"VCID-1wxk-rhfp-qqgp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39401","reference_id":"","reference_type":"","scores":[{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.85973","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39401"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39401","reference_id":"CVE-2024-39401","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39401"},{"reference_url":"https://github.com/advisories/GHSA-8frp-pxq2-3gpq","reference_id":"GHSA-8frp-pxq2-3gpq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8frp-pxq2-3gpq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39401","GHSA-8frp-pxq2-3gpq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1wxk-rhfp-qqgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17831?format=json","vulnerability_id":"VCID-1xvu-3fjk-t7ay","summary":"Magento Open Source allows Improper Neutralization of Special Elements Used\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29297","reference_id":"","reference_type":"","scores":[{"value":"0.08749","scoring_system":"epss","scoring_elements":"0.92636","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29297"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29297","reference_id":"CVE-2023-29297","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29297"},{"reference_url":"https://github.com/advisories/GHSA-gfmm-ww6f-5mm5","reference_id":"GHSA-gfmm-ww6f-5mm5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gfmm-ww6f-5mm5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29297","GHSA-gfmm-ww6f-5mm5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xvu-3fjk-t7ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255637?format=json","vulnerability_id":"VCID-1yj1-79jb-wyht","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34104","reference_id":"","reference_type":"","scores":[{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70281","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34104"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34104","reference_id":"CVE-2024-34104","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34104"},{"reference_url":"https://github.com/advisories/GHSA-wwj3-573j-rvvm","reference_id":"GHSA-wwj3-573j-rvvm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wwj3-573j-rvvm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81754?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/81756?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6"}],"aliases":["CVE-2024-34104","GHSA-wwj3-573j-rvvm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1yj1-79jb-wyht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18229?format=json","vulnerability_id":"VCID-1yr5-8e84-cyf5","summary":"Magento Open Source allows Improper Neutralization of Special Elements Used\nAdobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38208","reference_id":"","reference_type":"","scores":[{"value":"0.03849","scoring_system":"epss","scoring_elements":"0.88393","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38208"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38208","reference_id":"CVE-2023-38208","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38208"},{"reference_url":"https://github.com/advisories/GHSA-mxc9-g6m4-2v35","reference_id":"GHSA-mxc9-g6m4-2v35","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mxc9-g6m4-2v35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65314?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/65313?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2"}],"aliases":["CVE-2023-38208","GHSA-mxc9-g6m4-2v35"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1yr5-8e84-cyf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264125?format=json","vulnerability_id":"VCID-27w8-khpp-c7hk","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45132","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32409","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45132"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45132","reference_id":"CVE-2024-45132","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45132"},{"reference_url":"https://github.com/advisories/GHSA-5f64-ppmg-cvvm","reference_id":"GHSA-5f64-ppmg-cvvm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f64-ppmg-cvvm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45132","GHSA-5f64-ppmg-cvvm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27w8-khpp-c7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264112?format=json","vulnerability_id":"VCID-29fa-krur-qqbv","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45118","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24863","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45118"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45118","reference_id":"CVE-2024-45118","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45118"},{"reference_url":"https://github.com/advisories/GHSA-cg52-68fv-94qq","reference_id":"GHSA-cg52-68fv-94qq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg52-68fv-94qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45118","GHSA-cg52-68fv-94qq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29fa-krur-qqbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264111?format=json","vulnerability_id":"VCID-2eq5-hm5y-f3f4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45117","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49546","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45117"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45117","reference_id":"CVE-2024-45117","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45117"},{"reference_url":"https://github.com/advisories/GHSA-3fr3-gcqh-3m2g","reference_id":"GHSA-3fr3-gcqh-3m2g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3fr3-gcqh-3m2g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45117","GHSA-3fr3-gcqh-3m2g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2eq5-hm5y-f3f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17184?format=json","vulnerability_id":"VCID-2gjv-y49y-4yh7","summary":"Magento Open Source allows Improper Access Control\nAdobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22250","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63289","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22250"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22250","reference_id":"CVE-2023-22250","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22250"},{"reference_url":"https://github.com/advisories/GHSA-4h7p-4vq8-g2gh","reference_id":"GHSA-4h7p-4vq8-g2gh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4h7p-4vq8-g2gh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63237?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2"}],"aliases":["CVE-2023-22250","GHSA-4h7p-4vq8-g2gh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gjv-y49y-4yh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17828?format=json","vulnerability_id":"VCID-389t-bp5k-yqbw","summary":"Magento Open Source allows XML Injection\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29289","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58242","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29289"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29289","reference_id":"CVE-2023-29289","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29289"},{"reference_url":"https://github.com/advisories/GHSA-wh42-8r2w-873x","reference_id":"GHSA-wh42-8r2w-873x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wh42-8r2w-873x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29289","GHSA-wh42-8r2w-873x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-389t-bp5k-yqbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18223?format=json","vulnerability_id":"VCID-3d83-1r55-uqfb","summary":"Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38209","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40529","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38209"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38209","reference_id":"CVE-2023-38209","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38209"},{"reference_url":"https://github.com/advisories/GHSA-3vg2-v639-6ch9","reference_id":"GHSA-3vg2-v639-6ch9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3vg2-v639-6ch9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65314?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/65313?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2"}],"aliases":["CVE-2023-38209","GHSA-3vg2-v639-6ch9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3d83-1r55-uqfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259397?format=json","vulnerability_id":"VCID-3hcd-r9gs-cfgh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39419","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46269","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39419"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39419","reference_id":"CVE-2024-39419","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39419"},{"reference_url":"https://github.com/advisories/GHSA-74w7-cr4v-wf2v","reference_id":"GHSA-74w7-cr4v-wf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74w7-cr4v-wf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39419","GHSA-74w7-cr4v-wf2v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hcd-r9gs-cfgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18620?format=json","vulnerability_id":"VCID-3tpy-wktb-wqdj","summary":"Magento Open Source allows Server-Side Request Forgery (SSRF)\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26366","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58093","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26366"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26366","reference_id":"CVE-2023-26366","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26366"},{"reference_url":"https://github.com/advisories/GHSA-8jxc-5f94-22vh","reference_id":"GHSA-8jxc-5f94-22vh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8jxc-5f94-22vh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-26366","GHSA-8jxc-5f94-22vh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3tpy-wktb-wqdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264116?format=json","vulnerability_id":"VCID-3v4v-ysx5-77gs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45122","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30569","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45122"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45122","reference_id":"CVE-2024-45122","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45122"},{"reference_url":"https://github.com/advisories/GHSA-46fm-x82m-5f74","reference_id":"GHSA-46fm-x82m-5f74","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46fm-x82m-5f74"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45122","GHSA-46fm-x82m-5f74"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3v4v-ysx5-77gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17836?format=json","vulnerability_id":"VCID-4rga-e18t-myh6","summary":"Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29288","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37058","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29288"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29288","reference_id":"CVE-2023-29288","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29288"},{"reference_url":"https://github.com/advisories/GHSA-f989-3fp9-q3r2","reference_id":"GHSA-f989-3fp9-q3r2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f989-3fp9-q3r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29288","GHSA-f989-3fp9-q3r2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4rga-e18t-myh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259389?format=json","vulnerability_id":"VCID-4w8w-6563-3kfb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39411","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54108","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39411"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39411","reference_id":"CVE-2024-39411","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39411"},{"reference_url":"https://github.com/advisories/GHSA-qm77-mqf3-fmhq","reference_id":"GHSA-qm77-mqf3-fmhq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm77-mqf3-fmhq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39411","GHSA-qm77-mqf3-fmhq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4w8w-6563-3kfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259391?format=json","vulnerability_id":"VCID-5bn1-w5sa-ubft","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39413","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54108","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39413"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39413","reference_id":"CVE-2024-39413","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39413"},{"reference_url":"https://github.com/advisories/GHSA-8w5f-8992-g86j","reference_id":"GHSA-8w5f-8992-g86j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w5f-8992-g86j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39413","GHSA-8w5f-8992-g86j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bn1-w5sa-ubft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264113?format=json","vulnerability_id":"VCID-5du3-fvj3-87h7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45119","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57647","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45119"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45119","reference_id":"CVE-2024-45119","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45119"},{"reference_url":"https://github.com/advisories/GHSA-g9fm-wc6h-pvgj","reference_id":"GHSA-g9fm-wc6h-pvgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9fm-wc6h-pvgj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45119","GHSA-g9fm-wc6h-pvgj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5du3-fvj3-87h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264121?format=json","vulnerability_id":"VCID-5tkb-ngcw-t7ap","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45128","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13958","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45128"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45128","reference_id":"CVE-2024-45128","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45128"},{"reference_url":"https://github.com/advisories/GHSA-qpp7-742q-58j3","reference_id":"GHSA-qpp7-742q-58j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpp7-742q-58j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45128","GHSA-qpp7-742q-58j3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkb-ngcw-t7ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264118?format=json","vulnerability_id":"VCID-6g84-aswq-5kfb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45124","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26898","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45124"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45124","reference_id":"CVE-2024-45124","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45124"},{"reference_url":"https://github.com/advisories/GHSA-w3p2-pc3h-69wv","reference_id":"GHSA-w3p2-pc3h-69wv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w3p2-pc3h-69wv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45124","GHSA-w3p2-pc3h-69wv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6g84-aswq-5kfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17837?format=json","vulnerability_id":"VCID-6gue-nxx5-u3h6","summary":"Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29295","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30666","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29295"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29295","reference_id":"CVE-2023-29295","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29295"},{"reference_url":"https://github.com/advisories/GHSA-354h-fpmq-68v7","reference_id":"GHSA-354h-fpmq-68v7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-354h-fpmq-68v7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29295","GHSA-354h-fpmq-68v7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gue-nxx5-u3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264119?format=json","vulnerability_id":"VCID-6mxj-tzme-zyhb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45125","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21249","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45125"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45125","reference_id":"CVE-2024-45125","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45125"},{"reference_url":"https://github.com/advisories/GHSA-xg36-8c2v-jpxh","reference_id":"GHSA-xg36-8c2v-jpxh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg36-8c2v-jpxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45125","GHSA-xg36-8c2v-jpxh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mxj-tzme-zyhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255638?format=json","vulnerability_id":"VCID-6srg-smmw-hycj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34105","reference_id":"","reference_type":"","scores":[{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.83806","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34105"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34105","reference_id":"CVE-2024-34105","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34105"},{"reference_url":"https://github.com/advisories/GHSA-5632-wq7m-gfq9","reference_id":"GHSA-5632-wq7m-gfq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5632-wq7m-gfq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81754?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/81756?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6"}],"aliases":["CVE-2024-34105","GHSA-5632-wq7m-gfq9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6srg-smmw-hycj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264128?format=json","vulnerability_id":"VCID-7dzy-1fxw-xfes","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45135","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34385","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45135"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45135","reference_id":"CVE-2024-45135","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45135"},{"reference_url":"https://github.com/advisories/GHSA-8pxg-gcp4-57ww","reference_id":"GHSA-8pxg-gcp4-57ww","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8pxg-gcp4-57ww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45135","GHSA-8pxg-gcp4-57ww"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dzy-1fxw-xfes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199792?format=json","vulnerability_id":"VCID-86h6-jwyx-8yf2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34257","reference_id":"","reference_type":"","scores":[{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73815","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34257"},{"reference_url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523"},{"reference_url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"reference_url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34257","reference_id":"CVE-2022-34257","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34257"},{"reference_url":"https://github.com/advisories/GHSA-rg7p-wmgj-f374","reference_id":"GHSA-rg7p-wmgj-f374","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg7p-wmgj-f374"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"}],"aliases":["CVE-2022-34257","GHSA-rg7p-wmgj-f374"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86h6-jwyx-8yf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199794?format=json","vulnerability_id":"VCID-8kar-95vh-ube3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34259","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46054","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34259"},{"reference_url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523"},{"reference_url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"reference_url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34259","reference_id":"CVE-2022-34259","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34259"},{"reference_url":"https://github.com/advisories/GHSA-9wjf-94h3-r4rh","reference_id":"GHSA-9wjf-94h3-r4rh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wjf-94h3-r4rh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"}],"aliases":["CVE-2022-34259","GHSA-9wjf-94h3-r4rh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kar-95vh-ube3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17841?format=json","vulnerability_id":"VCID-8wm3-xqbd-zqf5","summary":"Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29290","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34763","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29290"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29290","reference_id":"CVE-2023-29290","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29290"},{"reference_url":"https://github.com/advisories/GHSA-qw5m-vmp3-f553","reference_id":"GHSA-qw5m-vmp3-f553","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qw5m-vmp3-f553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29290","GHSA-qw5m-vmp3-f553"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wm3-xqbd-zqf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259380?format=json","vulnerability_id":"VCID-94sc-9fyk-2uay","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39402","reference_id":"","reference_type":"","scores":[{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.85973","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39402"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39402","reference_id":"CVE-2024-39402","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39402"},{"reference_url":"https://github.com/advisories/GHSA-2ff6-837j-hg5x","reference_id":"GHSA-2ff6-837j-hg5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2ff6-837j-hg5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39402","GHSA-2ff6-837j-hg5x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94sc-9fyk-2uay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264124?format=json","vulnerability_id":"VCID-96gx-zvab-yyhe","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45131","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32477","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45131"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45131","reference_id":"CVE-2024-45131","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45131"},{"reference_url":"https://github.com/advisories/GHSA-xc5p-773w-m3pm","reference_id":"GHSA-xc5p-773w-m3pm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc5p-773w-m3pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45131","GHSA-xc5p-773w-m3pm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96gx-zvab-yyhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17832?format=json","vulnerability_id":"VCID-9u6k-hbxd-8bds","summary":"Magento Open Source has Business Logic Errors Vulnerability\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29294","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41646","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29294"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29294","reference_id":"CVE-2023-29294","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29294"},{"reference_url":"https://github.com/advisories/GHSA-28vp-39rf-3q2j","reference_id":"GHSA-28vp-39rf-3q2j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-28vp-39rf-3q2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29294","GHSA-28vp-39rf-3q2j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u6k-hbxd-8bds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17833?format=json","vulnerability_id":"VCID-9v4c-gauv-wyh2","summary":"Magento Open Source allows Server-Side Request Forgery (SSRF)\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29292","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64866","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29292"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29292","reference_id":"CVE-2023-29292","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29292"},{"reference_url":"https://github.com/advisories/GHSA-4588-7x48-jrgj","reference_id":"GHSA-4588-7x48-jrgj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4588-7x48-jrgj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29292","GHSA-4588-7x48-jrgj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v4c-gauv-wyh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259378?format=json","vulnerability_id":"VCID-a2mn-k8qn-j7c9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39400","reference_id":"","reference_type":"","scores":[{"value":"0.01472","scoring_system":"epss","scoring_elements":"0.81253","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39400"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39400","reference_id":"CVE-2024-39400","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39400"},{"reference_url":"https://github.com/advisories/GHSA-52fg-wjxm-pp44","reference_id":"GHSA-52fg-wjxm-pp44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52fg-wjxm-pp44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39400","GHSA-52fg-wjxm-pp44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2mn-k8qn-j7c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17821?format=json","vulnerability_id":"VCID-b6wy-nzzg-k3em","summary":"Magento Open Source affected by Improper Input Validation\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22248","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37862","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22248"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22248","reference_id":"CVE-2023-22248","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22248"},{"reference_url":"https://github.com/advisories/GHSA-5jfg-phx7-7fxg","reference_id":"GHSA-5jfg-phx7-7fxg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5jfg-phx7-7fxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-22248","GHSA-5jfg-phx7-7fxg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6wy-nzzg-k3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18610?format=json","vulnerability_id":"VCID-bm3p-s43s-uuce","summary":"Magento Open Source allows Cross-Site Scripting (XSS)\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38219","reference_id":"","reference_type":"","scores":[{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81552","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38219"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38219","reference_id":"CVE-2023-38219","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38219"},{"reference_url":"https://github.com/advisories/GHSA-3j7w-jp46-9752","reference_id":"GHSA-3j7w-jp46-9752","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3j7w-jp46-9752"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-38219","GHSA-3j7w-jp46-9752"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bm3p-s43s-uuce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19435?format=json","vulnerability_id":"VCID-c7rf-4ky3-tyev","summary":"Magento Open Source allows Uncontrolled Resource Consumption\nAdobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20716","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50174","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20716"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20716","reference_id":"CVE-2024-20716","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20716"},{"reference_url":"https://github.com/advisories/GHSA-c9h9-h5gf-885r","reference_id":"GHSA-c9h9-h5gf-885r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9h9-h5gf-885r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67777?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/67776?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4"}],"aliases":["CVE-2024-20716","GHSA-c9h9-h5gf-885r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7rf-4ky3-tyev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19436?format=json","vulnerability_id":"VCID-ca94-mqq1-jyaz","summary":"Magento Open Source allows OS Command Injection\nAdobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20720","reference_id":"","reference_type":"","scores":[{"value":"0.07195","scoring_system":"epss","scoring_elements":"0.91722","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20720"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20720","reference_id":"CVE-2024-20720","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20720"},{"reference_url":"https://github.com/advisories/GHSA-525f-pvj5-vqmq","reference_id":"GHSA-525f-pvj5-vqmq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-525f-pvj5-vqmq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67777?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/67776?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4"}],"aliases":["CVE-2024-20720","GHSA-525f-pvj5-vqmq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca94-mqq1-jyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199793?format=json","vulnerability_id":"VCID-cd1x-g9b4-6ufh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34258","reference_id":"","reference_type":"","scores":[{"value":"0.16184","scoring_system":"epss","scoring_elements":"0.94918","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34258"},{"reference_url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523"},{"reference_url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"reference_url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34258","reference_id":"CVE-2022-34258","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34258"},{"reference_url":"https://github.com/advisories/GHSA-5m55-g8pv-x8ww","reference_id":"GHSA-5m55-g8pv-x8ww","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m55-g8pv-x8ww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"}],"aliases":["CVE-2022-34258","GHSA-5m55-g8pv-x8ww"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cd1x-g9b4-6ufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259382?format=json","vulnerability_id":"VCID-ctr3-kt63-hybf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39404","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.4775","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39404"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39404","reference_id":"CVE-2024-39404","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39404"},{"reference_url":"https://github.com/advisories/GHSA-qrh3-vxjg-h9h6","reference_id":"GHSA-qrh3-vxjg-h9h6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrh3-vxjg-h9h6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39404","GHSA-qrh3-vxjg-h9h6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctr3-kt63-hybf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264114?format=json","vulnerability_id":"VCID-d6u8-dhmd-x3ed","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45120","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22486","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45120"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45120","reference_id":"CVE-2024-45120","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45120"},{"reference_url":"https://github.com/advisories/GHSA-47jp-46c9-25vf","reference_id":"GHSA-47jp-46c9-25vf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47jp-46c9-25vf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45120","GHSA-47jp-46c9-25vf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6u8-dhmd-x3ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17840?format=json","vulnerability_id":"VCID-de3q-b1v4-bybu","summary":"Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29296","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30666","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29296"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29296","reference_id":"CVE-2023-29296","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29296"},{"reference_url":"https://github.com/advisories/GHSA-3qr4-w96f-672v","reference_id":"GHSA-3qr4-w96f-672v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3qr4-w96f-672v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29296","GHSA-3qr4-w96f-672v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-de3q-b1v4-bybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259376?format=json","vulnerability_id":"VCID-enwr-t7r8-xyge","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39398","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46972","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39398"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39398","reference_id":"CVE-2024-39398","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39398"},{"reference_url":"https://github.com/advisories/GHSA-q628-54wg-4r5q","reference_id":"GHSA-q628-54wg-4r5q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q628-54wg-4r5q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39398","GHSA-q628-54wg-4r5q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-enwr-t7r8-xyge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18618?format=json","vulnerability_id":"VCID-eu82-bgnu-rue2","summary":"Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38218","reference_id":"","reference_type":"","scores":[{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.72167","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38218"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38218","reference_id":"CVE-2023-38218","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38218"},{"reference_url":"https://github.com/advisories/GHSA-rpc7-gf58-v3x2","reference_id":"GHSA-rpc7-gf58-v3x2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rpc7-gf58-v3x2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-38218","GHSA-rpc7-gf58-v3x2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eu82-bgnu-rue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259385?format=json","vulnerability_id":"VCID-euam-6b48-suhg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39407","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.4775","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39407"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39407","reference_id":"CVE-2024-39407","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39407"},{"reference_url":"https://github.com/advisories/GHSA-cjm6-8mw8-2f8c","reference_id":"GHSA-cjm6-8mw8-2f8c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cjm6-8mw8-2f8c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39407","GHSA-cjm6-8mw8-2f8c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-euam-6b48-suhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259388?format=json","vulnerability_id":"VCID-f5jj-23tj-wkbu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39410","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66912","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39410"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39410","reference_id":"CVE-2024-39410","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39410"},{"reference_url":"https://github.com/advisories/GHSA-4323-f82v-f6jr","reference_id":"GHSA-4323-f82v-f6jr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4323-f82v-f6jr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39410","GHSA-4323-f82v-f6jr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5jj-23tj-wkbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259393?format=json","vulnerability_id":"VCID-f6vc-8z9a-cqej","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39415","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54108","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39415"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39415","reference_id":"CVE-2024-39415","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39415"},{"reference_url":"https://github.com/advisories/GHSA-gj93-84g5-mcjq","reference_id":"GHSA-gj93-84g5-mcjq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj93-84g5-mcjq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39415","GHSA-gj93-84g5-mcjq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6vc-8z9a-cqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259384?format=json","vulnerability_id":"VCID-ft2p-3a61-wudj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39406","reference_id":"","reference_type":"","scores":[{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76253","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39406"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39406","reference_id":"CVE-2024-39406","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39406"},{"reference_url":"https://github.com/advisories/GHSA-6pxh-2557-5cj5","reference_id":"GHSA-6pxh-2557-5cj5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6pxh-2557-5cj5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39406","GHSA-6pxh-2557-5cj5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ft2p-3a61-wudj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259387?format=json","vulnerability_id":"VCID-gf2z-99wt-3qcg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39409","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66912","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39409"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39409","reference_id":"CVE-2024-39409","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39409"},{"reference_url":"https://github.com/advisories/GHSA-rf4q-m23c-7q8r","reference_id":"GHSA-rf4q-m23c-7q8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rf4q-m23c-7q8r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39409","GHSA-rf4q-m23c-7q8r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gf2z-99wt-3qcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18608?format=json","vulnerability_id":"VCID-gkb3-ddu2-qyg6","summary":"Magento Open Source allows Uncontrolled Resource Consumption\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Uncontrolled Resource Consumption vulnerability that could lead into a minor application denial-of-service. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38251","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46059","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38251"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38251","reference_id":"CVE-2023-38251","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38251"},{"reference_url":"https://github.com/advisories/GHSA-7pfc-834q-h497","reference_id":"GHSA-7pfc-834q-h497","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7pfc-834q-h497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-38251","GHSA-7pfc-834q-h497"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkb3-ddu2-qyg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259383?format=json","vulnerability_id":"VCID-hcbc-9c78-yye6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39405","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46269","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39405"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39405","reference_id":"CVE-2024-39405","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39405"},{"reference_url":"https://github.com/advisories/GHSA-5g9f-7gqc-8hj4","reference_id":"GHSA-5g9f-7gqc-8hj4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5g9f-7gqc-8hj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39405","GHSA-5g9f-7gqc-8hj4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hcbc-9c78-yye6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19871?format=json","vulnerability_id":"VCID-hwb9-yxzn-zub5","summary":"Magento Open Source allows Cross-Site Scripting (XSS)\nAdobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20759","reference_id":"","reference_type":"","scores":[{"value":"0.01627","scoring_system":"epss","scoring_elements":"0.82182","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20759"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20759","reference_id":"CVE-2024-20759","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20759"},{"reference_url":"https://github.com/advisories/GHSA-59vf-hjxc-f9c5","reference_id":"GHSA-59vf-hjxc-f9c5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-59vf-hjxc-f9c5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68501?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/68500?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66132?format=json","purl":"pkg:composer/magento/community-edition@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-2495-ugn7-v7fk"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9gte-ub5c-mqas"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d372-f5hu-1bhr"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hbre-ty72-g7gy"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tk7j-4vsm-e7c6"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7"}],"aliases":["CVE-2024-20759","GHSA-59vf-hjxc-f9c5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwb9-yxzn-zub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264122?format=json","vulnerability_id":"VCID-jbs3-xb4d-j3gz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45129","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24203","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45129"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45129","reference_id":"CVE-2024-45129","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45129"},{"reference_url":"https://github.com/advisories/GHSA-m58h-998x-66f3","reference_id":"GHSA-m58h-998x-66f3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m58h-998x-66f3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45129","GHSA-m58h-998x-66f3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbs3-xb4d-j3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18613?format=json","vulnerability_id":"VCID-jede-wz7z-2ugt","summary":"Magento Open Source has Improper Input Validation Vulnerability\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26367","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58651","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26367"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26367","reference_id":"CVE-2023-26367","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26367"},{"reference_url":"https://github.com/advisories/GHSA-9mx6-4gg4-85xj","reference_id":"GHSA-9mx6-4gg4-85xj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9mx6-4gg4-85xj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-26367","GHSA-9mx6-4gg4-85xj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jede-wz7z-2ugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264110?format=json","vulnerability_id":"VCID-jehy-k235-4ua9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45116","reference_id":"","reference_type":"","scores":[{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83241","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45116"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45116","reference_id":"CVE-2024-45116","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45116"},{"reference_url":"https://github.com/advisories/GHSA-873m-72g6-853g","reference_id":"GHSA-873m-72g6-853g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-873m-72g6-853g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45116","GHSA-873m-72g6-853g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jehy-k235-4ua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200738?format=json","vulnerability_id":"VCID-jew7-2yd7-8ffp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35689","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65739","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35689"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-48.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-48.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35689","reference_id":"CVE-2022-35689","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35689"},{"reference_url":"https://github.com/advisories/GHSA-5fxx-jwjm-x9hj","reference_id":"GHSA-5fxx-jwjm-x9hj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fxx-jwjm-x9hj"}],"fixed_packages":[],"aliases":["CVE-2022-35689","GHSA-5fxx-jwjm-x9hj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jew7-2yd7-8ffp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18609?format=json","vulnerability_id":"VCID-jg5k-6vqh-57ey","summary":"Magento Open Source allows SQL Injection\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38249","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83283","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38249"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38249","reference_id":"CVE-2023-38249","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38249"},{"reference_url":"https://github.com/advisories/GHSA-rq36-9f5f-2gw7","reference_id":"GHSA-rq36-9f5f-2gw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rq36-9f5f-2gw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-38249","GHSA-rq36-9f5f-2gw7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jg5k-6vqh-57ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255639?format=json","vulnerability_id":"VCID-k55s-dcep-mbbk","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34106","reference_id":"","reference_type":"","scores":[{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71275","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34106"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34106","reference_id":"CVE-2024-34106","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34106"},{"reference_url":"https://github.com/advisories/GHSA-p6h9-gx5g-wg64","reference_id":"GHSA-p6h9-gx5g-wg64","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p6h9-gx5g-wg64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81754?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/81756?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6"}],"aliases":["CVE-2024-34106","GHSA-p6h9-gx5g-wg64"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k55s-dcep-mbbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17824?format=json","vulnerability_id":"VCID-kj9m-ccf8-gyep","summary":"Magento Open Source allows Information Exposure\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29287","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54233","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29287"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29287","reference_id":"CVE-2023-29287","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29287"},{"reference_url":"https://github.com/advisories/GHSA-85m4-g9vq-xpxj","reference_id":"GHSA-85m4-g9vq-xpxj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-85m4-g9vq-xpxj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29287","GHSA-85m4-g9vq-xpxj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kj9m-ccf8-gyep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264142?format=json","vulnerability_id":"VCID-kumb-xzbe-5fb3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45149","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33758","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45149"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45149","reference_id":"CVE-2024-45149","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45149"},{"reference_url":"https://github.com/advisories/GHSA-w7rg-7wq2-pjrw","reference_id":"GHSA-w7rg-7wq2-pjrw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7rg-7wq2-pjrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45149","GHSA-w7rg-7wq2-pjrw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kumb-xzbe-5fb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200747?format=json","vulnerability_id":"VCID-mgnu-rgqb-h7cw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35698","reference_id":"","reference_type":"","scores":[{"value":"0.02186","scoring_system":"epss","scoring_elements":"0.8465","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35698"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-48.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-48.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35698","reference_id":"CVE-2022-35698","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35698"},{"reference_url":"https://github.com/advisories/GHSA-4vj2-426r-jm3g","reference_id":"GHSA-4vj2-426r-jm3g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vj2-426r-jm3g"}],"fixed_packages":[],"aliases":["CVE-2022-35698","GHSA-4vj2-426r-jm3g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgnu-rgqb-h7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255640?format=json","vulnerability_id":"VCID-mgxx-zdm4-9fe7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34107","reference_id":"","reference_type":"","scores":[{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.72972","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34107"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34107","reference_id":"CVE-2024-34107","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34107"},{"reference_url":"https://github.com/advisories/GHSA-r7cm-g469-wm4g","reference_id":"GHSA-r7cm-g469-wm4g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7cm-g469-wm4g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81754?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/81756?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6"}],"aliases":["CVE-2024-34107","GHSA-r7cm-g469-wm4g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgxx-zdm4-9fe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259377?format=json","vulnerability_id":"VCID-ntcr-n7fp-j3ab","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39399","reference_id":"","reference_type":"","scores":[{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.75054","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39399"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39399","reference_id":"CVE-2024-39399","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39399"},{"reference_url":"https://github.com/advisories/GHSA-7r99-8wqp-h7pc","reference_id":"GHSA-7r99-8wqp-h7pc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7r99-8wqp-h7pc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39399","GHSA-7r99-8wqp-h7pc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntcr-n7fp-j3ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19848?format=json","vulnerability_id":"VCID-pqpk-dh2p-4yc8","summary":"Magento Open Source allows Improper Input Validation\nAdobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20758","reference_id":"","reference_type":"","scores":[{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.84703","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20758"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20758","reference_id":"CVE-2024-20758","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20758"},{"reference_url":"https://github.com/advisories/GHSA-wh4m-6rh3-p4rq","reference_id":"GHSA-wh4m-6rh3-p4rq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh4m-6rh3-p4rq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68501?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/68500?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66132?format=json","purl":"pkg:composer/magento/community-edition@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-2495-ugn7-v7fk"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9gte-ub5c-mqas"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d372-f5hu-1bhr"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hbre-ty72-g7gy"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tk7j-4vsm-e7c6"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7"}],"aliases":["CVE-2024-20758","GHSA-wh4m-6rh3-p4rq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqpk-dh2p-4yc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259396?format=json","vulnerability_id":"VCID-qxz4-rh86-cfcu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39418","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56023","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39418"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39418","reference_id":"CVE-2024-39418","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39418"},{"reference_url":"https://github.com/advisories/GHSA-gvgf-pvh5-vjh4","reference_id":"GHSA-gvgf-pvh5-vjh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvgf-pvh5-vjh4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39418","GHSA-gvgf-pvh5-vjh4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxz4-rh86-cfcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259394?format=json","vulnerability_id":"VCID-rgfy-hqz1-zyb4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39416","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55283","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39416"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39416","reference_id":"CVE-2024-39416","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39416"},{"reference_url":"https://github.com/advisories/GHSA-4xgg-rw35-7mv5","reference_id":"GHSA-4xgg-rw35-7mv5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xgg-rw35-7mv5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39416","GHSA-4xgg-rw35-7mv5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgfy-hqz1-zyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18228?format=json","vulnerability_id":"VCID-rmqf-8w57-uydk","summary":"Magento Open Source allows XML Injection\nAdobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38207","reference_id":"","reference_type":"","scores":[{"value":"0.01136","scoring_system":"epss","scoring_elements":"0.78689","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38207"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38207","reference_id":"CVE-2023-38207","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38207"},{"reference_url":"https://github.com/advisories/GHSA-rpv2-g4pc-wp72","reference_id":"GHSA-rpv2-g4pc-wp72","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rpv2-g4pc-wp72"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65314?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/65313?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2"}],"aliases":["CVE-2023-38207","GHSA-rpv2-g4pc-wp72"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rmqf-8w57-uydk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255636?format=json","vulnerability_id":"VCID-rv3b-5ja1-dkdv","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34103","reference_id":"","reference_type":"","scores":[{"value":"0.01824","scoring_system":"epss","scoring_elements":"0.83204","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34103"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34103","reference_id":"CVE-2024-34103","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34103"},{"reference_url":"https://github.com/advisories/GHSA-f7q4-9gwv-6774","reference_id":"GHSA-f7q4-9gwv-6774","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7q4-9gwv-6774"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81754?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/81756?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6"}],"aliases":["CVE-2024-34103","GHSA-f7q4-9gwv-6774"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rv3b-5ja1-dkdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200741?format=json","vulnerability_id":"VCID-snxt-bv9t-nbdu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35692","reference_id":"","reference_type":"","scores":[{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66871","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35692"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35692","reference_id":"CVE-2022-35692","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35692"},{"reference_url":"https://github.com/advisories/GHSA-gm4m-9rm8-7rxj","reference_id":"GHSA-gm4m-9rm8-7rxj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gm4m-9rm8-7rxj"}],"fixed_packages":[],"aliases":["CVE-2022-35692","GHSA-gm4m-9rm8-7rxj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snxt-bv9t-nbdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264117?format=json","vulnerability_id":"VCID-t1ba-h3yd-yydc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45123","reference_id":"","reference_type":"","scores":[{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79626","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45123"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45123","reference_id":"CVE-2024-45123","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45123"},{"reference_url":"https://github.com/advisories/GHSA-88x2-cq34-5fwc","reference_id":"GHSA-88x2-cq34-5fwc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-88x2-cq34-5fwc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45123","GHSA-88x2-cq34-5fwc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1ba-h3yd-yydc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199789?format=json","vulnerability_id":"VCID-t2pj-rv3r-7fda","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34254","reference_id":"","reference_type":"","scores":[{"value":"0.00599","scoring_system":"epss","scoring_elements":"0.69768","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34254"},{"reference_url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523"},{"reference_url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"reference_url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34254","reference_id":"CVE-2022-34254","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34254"},{"reference_url":"https://github.com/advisories/GHSA-fx9g-g9q6-x3jx","reference_id":"GHSA-fx9g-g9q6-x3jx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fx9g-g9q6-x3jx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"}],"aliases":["CVE-2022-34254","GHSA-fx9g-g9q6-x3jx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2pj-rv3r-7fda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264127?format=json","vulnerability_id":"VCID-tn7z-sztq-hbax","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45134","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30716","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45134"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45134","reference_id":"CVE-2024-45134","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45134"},{"reference_url":"https://github.com/advisories/GHSA-4f89-5cwm-rm5g","reference_id":"GHSA-4f89-5cwm-rm5g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f89-5cwm-rm5g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45134","GHSA-4f89-5cwm-rm5g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn7z-sztq-hbax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199791?format=json","vulnerability_id":"VCID-trys-a3eq-y7fb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34256","reference_id":"","reference_type":"","scores":[{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61518","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34256"},{"reference_url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523"},{"reference_url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"reference_url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34256","reference_id":"CVE-2022-34256","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34256"},{"reference_url":"https://github.com/advisories/GHSA-r7mm-grf3-5fjv","reference_id":"GHSA-r7mm-grf3-5fjv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7mm-grf3-5fjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"}],"aliases":["CVE-2022-34256","GHSA-r7mm-grf3-5fjv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trys-a3eq-y7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259381?format=json","vulnerability_id":"VCID-u3gt-rhgh-p7ax","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39403","reference_id":"","reference_type":"","scores":[{"value":"0.02812","scoring_system":"epss","scoring_elements":"0.86389","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39403"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39403","reference_id":"CVE-2024-39403","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39403"},{"reference_url":"https://github.com/advisories/GHSA-mmp7-8cg4-9wrg","reference_id":"GHSA-mmp7-8cg4-9wrg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmp7-8cg4-9wrg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39403","GHSA-mmp7-8cg4-9wrg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3gt-rhgh-p7ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17827?format=json","vulnerability_id":"VCID-ub5g-fuqv-xqej","summary":"Magento Open Source affected by Improper Input Validation\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29293","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14203","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29293"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29293","reference_id":"CVE-2023-29293","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29293"},{"reference_url":"https://github.com/advisories/GHSA-66c9-xrwj-9xv6","reference_id":"GHSA-66c9-xrwj-9xv6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-66c9-xrwj-9xv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29293","GHSA-66c9-xrwj-9xv6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ub5g-fuqv-xqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18617?format=json","vulnerability_id":"VCID-ueg1-1xj3-aqcq","summary":"Magento Open Source allows SQL Injection\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38221","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83283","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38221"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38221","reference_id":"CVE-2023-38221","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38221"},{"reference_url":"https://github.com/advisories/GHSA-ggr8-3hwx-4f2m","reference_id":"GHSA-ggr8-3hwx-4f2m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ggr8-3hwx-4f2m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-38221","GHSA-ggr8-3hwx-4f2m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ueg1-1xj3-aqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18002?format=json","vulnerability_id":"VCID-umy7-aq5d-vfhj","summary":"Magento Open Source allows Cross-Site Scripting (XSS)\nAdobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22249","reference_id":"","reference_type":"","scores":[{"value":"0.05206","scoring_system":"epss","scoring_elements":"0.90079","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22249"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22249","reference_id":"CVE-2023-22249","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22249"},{"reference_url":"https://github.com/advisories/GHSA-fxcr-gvcw-hmqm","reference_id":"GHSA-fxcr-gvcw-hmqm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fxcr-gvcw-hmqm"}],"fixed_packages":[],"aliases":["CVE-2023-22249","GHSA-fxcr-gvcw-hmqm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umy7-aq5d-vfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259386?format=json","vulnerability_id":"VCID-v7ru-7kga-2bet","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39408","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.66912","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39408"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39408","reference_id":"CVE-2024-39408","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39408"},{"reference_url":"https://github.com/advisories/GHSA-4cj6-f32v-6hgx","reference_id":"GHSA-4cj6-f32v-6hgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4cj6-f32v-6hgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39408","GHSA-4cj6-f32v-6hgx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7ru-7kga-2bet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18616?format=json","vulnerability_id":"VCID-vt4j-zfwn-m3cd","summary":"Magento Open Source allows Improper Authorization\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38220","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35687","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38220"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38220","reference_id":"CVE-2023-38220","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38220"},{"reference_url":"https://github.com/advisories/GHSA-grc6-r6f8-xj7c","reference_id":"GHSA-grc6-r6f8-xj7c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-grc6-r6f8-xj7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-38220","GHSA-grc6-r6f8-xj7c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vt4j-zfwn-m3cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264120?format=json","vulnerability_id":"VCID-vthq-tuqs-5fg9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45127","reference_id":"","reference_type":"","scores":[{"value":"0.00837","scoring_system":"epss","scoring_elements":"0.74966","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45127"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45127","reference_id":"CVE-2024-45127","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45127"},{"reference_url":"https://github.com/advisories/GHSA-c89g-gq5r-2xw2","reference_id":"GHSA-c89g-gq5r-2xw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c89g-gq5r-2xw2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45127","GHSA-c89g-gq5r-2xw2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vthq-tuqs-5fg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259395?format=json","vulnerability_id":"VCID-vvzs-mjes-e3eq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39417","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54108","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39417"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39417","reference_id":"CVE-2024-39417","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39417"},{"reference_url":"https://github.com/advisories/GHSA-4xmj-f664-hv98","reference_id":"GHSA-4xmj-f664-hv98","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xmj-f664-hv98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39417","GHSA-4xmj-f664-hv98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvzs-mjes-e3eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19434?format=json","vulnerability_id":"VCID-whzv-vgev-rqd4","summary":"Magento Open Source allows Cross-Site Scripting (XSS)\nAdobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20719","reference_id":"","reference_type":"","scores":[{"value":"0.01149","scoring_system":"epss","scoring_elements":"0.78796","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20719"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20719","reference_id":"CVE-2024-20719","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20719"},{"reference_url":"https://github.com/advisories/GHSA-264g-f7v8-q5qq","reference_id":"GHSA-264g-f7v8-q5qq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-264g-f7v8-q5qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67777?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/67776?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p4"}],"aliases":["CVE-2024-20719","GHSA-264g-f7v8-q5qq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whzv-vgev-rqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17185?format=json","vulnerability_id":"VCID-wv9y-3kyz-hbgq","summary":"Magento Open Source allows Incorrect Authorization\nAdobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22251","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41868","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22251"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22251","reference_id":"CVE-2023-22251","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22251"},{"reference_url":"https://github.com/advisories/GHSA-2wm7-mmgc-qxr3","reference_id":"GHSA-2wm7-mmgc-qxr3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2wm7-mmgc-qxr3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63237?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2"}],"aliases":["CVE-2023-22251","GHSA-2wm7-mmgc-qxr3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv9y-3kyz-hbgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264123?format=json","vulnerability_id":"VCID-xde9-dz52-1fgp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45130","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24203","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45130"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45130","reference_id":"CVE-2024-45130","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45130"},{"reference_url":"https://github.com/advisories/GHSA-v3v6-jfvw-m576","reference_id":"GHSA-v3v6-jfvw-m576","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3v6-jfvw-m576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83155?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/83154?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/83156?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"}],"aliases":["CVE-2024-45130","GHSA-v3v6-jfvw-m576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xde9-dz52-1fgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17838?format=json","vulnerability_id":"VCID-xhej-jypg-7fah","summary":"Magento Open Source allows Server-Side Request Forgery (SSRF)\nAdobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29291","reference_id":"","reference_type":"","scores":[{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68792","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29291"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29291","reference_id":"CVE-2023-29291","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29291"},{"reference_url":"https://github.com/advisories/GHSA-5f79-vhr4-vw2r","reference_id":"GHSA-5f79-vhr4-vw2r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5f79-vhr4-vw2r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64388?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p3"}],"aliases":["CVE-2023-29291","GHSA-5f79-vhr4-vw2r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhej-jypg-7fah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259390?format=json","vulnerability_id":"VCID-xm9z-aqhf-uqft","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39412","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50493","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39412"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39412","reference_id":"CVE-2024-39412","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39412"},{"reference_url":"https://github.com/advisories/GHSA-7472-vw39-g2j3","reference_id":"GHSA-7472-vw39-g2j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7472-vw39-g2j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39412","GHSA-7472-vw39-g2j3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xm9z-aqhf-uqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259392?format=json","vulnerability_id":"VCID-y9ew-ydqv-4kbf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39414","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55283","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39414"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39414","reference_id":"CVE-2024-39414","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39414"},{"reference_url":"https://github.com/advisories/GHSA-x6f9-hv9r-fgq4","reference_id":"GHSA-x6f9-hv9r-fgq4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6f9-hv9r-fgq4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82456?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/82458?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/82459?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39414","GHSA-x6f9-hv9r-fgq4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9ew-ydqv-4kbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18607?format=json","vulnerability_id":"VCID-ypqs-5ju2-hkcz","summary":"Magento Open Source allows SQL Injection\nAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38250","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83283","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38250"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38250","reference_id":"CVE-2023-38250","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38250"},{"reference_url":"https://github.com/advisories/GHSA-h3g9-cwr6-hphx","reference_id":"GHSA-h3g9-cwr6-hphx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h3g9-cwr6-hphx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66135?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/66134?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/66133?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2"}],"aliases":["CVE-2023-38250","GHSA-h3g9-cwr6-hphx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypqs-5ju2-hkcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199790?format=json","vulnerability_id":"VCID-z5sv-b3wm-rqbe","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34255","reference_id":"","reference_type":"","scores":[{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66786","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34255"},{"reference_url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523"},{"reference_url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"reference_url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34255","reference_id":"CVE-2022-34255","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34255"},{"reference_url":"https://github.com/advisories/GHSA-x95x-f4g9-mm85","reference_id":"GHSA-x95x-f4g9-mm85","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x95x-f4g9-mm85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"}],"aliases":["CVE-2022-34255","GHSA-x95x-f4g9-mm85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z5sv-b3wm-rqbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199788?format=json","vulnerability_id":"VCID-z7g7-sbje-bbev","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34253","reference_id":"","reference_type":"","scores":[{"value":"0.37194","scoring_system":"epss","scoring_elements":"0.97242","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34253"},{"reference_url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523"},{"reference_url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"reference_url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34253","reference_id":"CVE-2022-34253","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34253"},{"reference_url":"https://github.com/advisories/GHSA-cj7w-pm77-hvg6","reference_id":"GHSA-cj7w-pm77-hvg6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cj7w-pm77-hvg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"}],"aliases":["CVE-2022-34253","GHSA-cj7w-pm77-hvg6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7g7-sbje-bbev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255635?format=json","vulnerability_id":"VCID-z8qf-cqwg-zkan","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34102","reference_id":"","reference_type":"","scores":[{"value":"0.94149","scoring_system":"epss","scoring_elements":"0.99919","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34102"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102","reference_id":"","reference_type":"","scores":[],"url":"https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34102","reference_id":"CVE-2024-34102","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34102"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml","reference_id":"CVE-2024-34102.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m8cj-3v68-3cxj","reference_id":"GHSA-m8cj-3v68-3cxj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m8cj-3v68-3cxj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81754?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/81756?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6"}],"aliases":["CVE-2024-34102","GHSA-m8cj-3v68-3cxj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8qf-cqwg-zkan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205808?format=json","vulnerability_id":"VCID-zjmz-qn1y-n3d9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42344","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39766","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42344"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42344","reference_id":"CVE-2022-42344","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42344"},{"reference_url":"https://github.com/advisories/GHSA-297f-r9w7-w492","reference_id":"GHSA-297f-r9w7-w492","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-297f-r9w7-w492"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63236?format=json","purl":"pkg:composer/magento/community-edition@2.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11ed-qtc7-bqbg"},{"vulnerability":"VCID-16x4-fjuv-hbc4"},{"vulnerability":"VCID-17xq-rhcp-z3hj"},{"vulnerability":"VCID-1wxk-rhfp-qqgp"},{"vulnerability":"VCID-1xvu-3fjk-t7ay"},{"vulnerability":"VCID-1yj1-79jb-wyht"},{"vulnerability":"VCID-1yr5-8e84-cyf5"},{"vulnerability":"VCID-27w8-khpp-c7hk"},{"vulnerability":"VCID-29fa-krur-qqbv"},{"vulnerability":"VCID-2eq5-hm5y-f3f4"},{"vulnerability":"VCID-2gjv-y49y-4yh7"},{"vulnerability":"VCID-389t-bp5k-yqbw"},{"vulnerability":"VCID-3d83-1r55-uqfb"},{"vulnerability":"VCID-3hcd-r9gs-cfgh"},{"vulnerability":"VCID-3tpy-wktb-wqdj"},{"vulnerability":"VCID-3v4v-ysx5-77gs"},{"vulnerability":"VCID-4rga-e18t-myh6"},{"vulnerability":"VCID-4w8w-6563-3kfb"},{"vulnerability":"VCID-5bn1-w5sa-ubft"},{"vulnerability":"VCID-5du3-fvj3-87h7"},{"vulnerability":"VCID-5tkb-ngcw-t7ap"},{"vulnerability":"VCID-6g84-aswq-5kfb"},{"vulnerability":"VCID-6gue-nxx5-u3h6"},{"vulnerability":"VCID-6mxj-tzme-zyhb"},{"vulnerability":"VCID-6srg-smmw-hycj"},{"vulnerability":"VCID-7dzy-1fxw-xfes"},{"vulnerability":"VCID-8wm3-xqbd-zqf5"},{"vulnerability":"VCID-94sc-9fyk-2uay"},{"vulnerability":"VCID-96gx-zvab-yyhe"},{"vulnerability":"VCID-9u6k-hbxd-8bds"},{"vulnerability":"VCID-9v4c-gauv-wyh2"},{"vulnerability":"VCID-a2mn-k8qn-j7c9"},{"vulnerability":"VCID-b6wy-nzzg-k3em"},{"vulnerability":"VCID-bm3p-s43s-uuce"},{"vulnerability":"VCID-c7rf-4ky3-tyev"},{"vulnerability":"VCID-ca94-mqq1-jyaz"},{"vulnerability":"VCID-ctr3-kt63-hybf"},{"vulnerability":"VCID-d6u8-dhmd-x3ed"},{"vulnerability":"VCID-de3q-b1v4-bybu"},{"vulnerability":"VCID-enwr-t7r8-xyge"},{"vulnerability":"VCID-eu82-bgnu-rue2"},{"vulnerability":"VCID-euam-6b48-suhg"},{"vulnerability":"VCID-f5jj-23tj-wkbu"},{"vulnerability":"VCID-f6vc-8z9a-cqej"},{"vulnerability":"VCID-ft2p-3a61-wudj"},{"vulnerability":"VCID-gf2z-99wt-3qcg"},{"vulnerability":"VCID-gkb3-ddu2-qyg6"},{"vulnerability":"VCID-hcbc-9c78-yye6"},{"vulnerability":"VCID-hwb9-yxzn-zub5"},{"vulnerability":"VCID-jbs3-xb4d-j3gz"},{"vulnerability":"VCID-jede-wz7z-2ugt"},{"vulnerability":"VCID-jehy-k235-4ua9"},{"vulnerability":"VCID-jew7-2yd7-8ffp"},{"vulnerability":"VCID-jg5k-6vqh-57ey"},{"vulnerability":"VCID-k55s-dcep-mbbk"},{"vulnerability":"VCID-kj9m-ccf8-gyep"},{"vulnerability":"VCID-kumb-xzbe-5fb3"},{"vulnerability":"VCID-mgnu-rgqb-h7cw"},{"vulnerability":"VCID-mgxx-zdm4-9fe7"},{"vulnerability":"VCID-ntcr-n7fp-j3ab"},{"vulnerability":"VCID-pqpk-dh2p-4yc8"},{"vulnerability":"VCID-qxz4-rh86-cfcu"},{"vulnerability":"VCID-rgfy-hqz1-zyb4"},{"vulnerability":"VCID-rmqf-8w57-uydk"},{"vulnerability":"VCID-rv3b-5ja1-dkdv"},{"vulnerability":"VCID-t1ba-h3yd-yydc"},{"vulnerability":"VCID-tn7z-sztq-hbax"},{"vulnerability":"VCID-u3gt-rhgh-p7ax"},{"vulnerability":"VCID-ub5g-fuqv-xqej"},{"vulnerability":"VCID-ueg1-1xj3-aqcq"},{"vulnerability":"VCID-umy7-aq5d-vfhj"},{"vulnerability":"VCID-v7ru-7kga-2bet"},{"vulnerability":"VCID-vt4j-zfwn-m3cd"},{"vulnerability":"VCID-vthq-tuqs-5fg9"},{"vulnerability":"VCID-vvzs-mjes-e3eq"},{"vulnerability":"VCID-whzv-vgev-rqd4"},{"vulnerability":"VCID-wv9y-3kyz-hbgq"},{"vulnerability":"VCID-xde9-dz52-1fgp"},{"vulnerability":"VCID-xhej-jypg-7fah"},{"vulnerability":"VCID-xm9z-aqhf-uqft"},{"vulnerability":"VCID-y9ew-ydqv-4kbf"},{"vulnerability":"VCID-ypqs-5ju2-hkcz"},{"vulnerability":"VCID-z8qf-cqwg-zkan"},{"vulnerability":"VCID-zndr-m4hp-gue2"},{"vulnerability":"VCID-zwsv-4q8h-x3e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5"}],"aliases":["CVE-2022-42344","GHSA-297f-r9w7-w492"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjmz-qn1y-n3d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17181?format=json","vulnerability_id":"VCID-zndr-m4hp-gue2","summary":"Magento Open Source allows XML Injection\nAdobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22247","reference_id":"","reference_type":"","scores":[{"value":"0.04774","scoring_system":"epss","scoring_elements":"0.89628","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22247"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22247","reference_id":"CVE-2023-22247","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22247"},{"reference_url":"https://github.com/advisories/GHSA-2444-8gj8-6fmx","reference_id":"GHSA-2444-8gj8-6fmx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2444-8gj8-6fmx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63237?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2"}],"aliases":["CVE-2023-22247","GHSA-2444-8gj8-6fmx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zndr-m4hp-gue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255644?format=json","vulnerability_id":"VCID-zwsv-4q8h-x3e7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34111","reference_id":"","reference_type":"","scores":[{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73625","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34111"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"","reference_type":"","scores":[],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34111","reference_id":"CVE-2024-34111","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34111"},{"reference_url":"https://github.com/advisories/GHSA-jmqp-r3gg-6jh3","reference_id":"GHSA-jmqp-r3gg-6jh3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmqp-r3gg-6jh3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81754?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/81756?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6"}],"aliases":["CVE-2024-34111","GHSA-jmqp-r3gg-6jh3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwsv-4q8h-x3e7"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4"}