Lookup for vulnerable packages by Package URL.

Purl pkg:composer/shopware/platform@6.6.10.12
Type composer
Namespace shopware
Name platform
Version 6.6.10.12
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.6.10.15
Latest_non_vulnerable_version 6.7.8.1
Affected_by_vulnerabilities
0
url VCID-637f-zxjb-8ufn
vulnerability_id VCID-637f-zxjb-8ufn
summary Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The "not found" response also echoes the probed email address. This allows an unauthenticated attacker to enumerate valid customer accounts. The storefront login controller correctly unifies both error paths, but the Store API does not — indicating an inconsistent defense. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31888
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17474
published_at 2026-06-11T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17628
published_at 2026-06-14T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17654
published_at 2026-06-13T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17636
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31888
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31888
reference_id CVE-2026-31888
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31888
3
reference_url https://github.com/advisories/GHSA-gqc5-xv7m-gcjq
reference_id GHSA-gqc5-xv7m-gcjq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqc5-xv7m-gcjq
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq
reference_id GHSA-gqc5-xv7m-gcjq
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:39Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-gqc5-xv7m-gcjq
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B14
purl pkg:composer/shopware/platform@6.6.10%2B14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B14
1
url pkg:composer/shopware/platform@6.6.10.14
purl pkg:composer/shopware/platform@6.6.10.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqba-4hk6-eud2
1
vulnerability VCID-zhxv-e8fu-tucd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.14
2
url pkg:composer/shopware/platform@6.7.8%2B1
purl pkg:composer/shopware/platform@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8%252B1
3
url pkg:composer/shopware/platform@6.7.8.1
purl pkg:composer/shopware/platform@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8.1
aliases CVE-2026-31888, GHSA-gqc5-xv7m-gcjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-637f-zxjb-8ufn
1
url VCID-dqba-4hk6-eud2
vulnerability_id VCID-dqba-4hk6-eud2
summary Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based authentication without sufficiently binding a shop installation to its original domain. During re‑registration, the shop-url could be updated without proving control over the previously registered shop or domain. This made targeted hijacking of app communication feasible if an attacker possessed the relevant app‑side secret. By abusing app re‑registration, an attacker could redirect app traffic to an attacker‑controlled domain and potentially obtain API credentials intended for the legitimate shop. This vulnerability is fixed in 6.6.10.15 and 6.7.8.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31889
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26177
published_at 2026-06-11T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26375
published_at 2026-06-14T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.2639
published_at 2026-06-13T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.26378
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31889
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31889
reference_id CVE-2026-31889
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31889
3
reference_url https://github.com/advisories/GHSA-c4p7-rwrg-pf6p
reference_id GHSA-c4p7-rwrg-pf6p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4p7-rwrg-pf6p
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p
reference_id GHSA-c4p7-rwrg-pf6p
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-12T20:04:03Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B15
purl pkg:composer/shopware/platform@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B15
1
url pkg:composer/shopware/platform@6.6.10.15
purl pkg:composer/shopware/platform@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.15
2
url pkg:composer/shopware/platform@6.7.8%2B1
purl pkg:composer/shopware/platform@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8%252B1
3
url pkg:composer/shopware/platform@6.7.8.1
purl pkg:composer/shopware/platform@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8.1
aliases CVE-2026-31889, GHSA-c4p7-rwrg-pf6p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqba-4hk6-eud2
2
url VCID-zhxv-e8fu-tucd
vulnerability_id VCID-zhxv-e8fu-tucd
summary Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31887
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16072
published_at 2026-06-12T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.1605
published_at 2026-06-14T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15931
published_at 2026-06-11T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16084
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31887
1
reference_url https://github.com/shopware/shopware
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/shopware/shopware
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31887
reference_id CVE-2026-31887
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31887
3
reference_url https://github.com/advisories/GHSA-7vvp-j573-5584
reference_id GHSA-7vvp-j573-5584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7vvp-j573-5584
4
reference_url https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584
reference_id GHSA-7vvp-j573-5584
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:02:07Z/
url https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584
fixed_packages
0
url pkg:composer/shopware/platform@6.6.10%2B15
purl pkg:composer/shopware/platform@6.6.10%2B15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10%252B15
1
url pkg:composer/shopware/platform@6.6.10.15
purl pkg:composer/shopware/platform@6.6.10.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.15
2
url pkg:composer/shopware/platform@6.7.8%2B1
purl pkg:composer/shopware/platform@6.7.8%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8%252B1
3
url pkg:composer/shopware/platform@6.7.8.1
purl pkg:composer/shopware/platform@6.7.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.7.8.1
aliases CVE-2026-31887, GHSA-7vvp-j573-5584
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhxv-e8fu-tucd
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/shopware/platform@6.6.10.12