FLAT-E9SNY (CVE-2026-48016)
Spoofing In shopware/core
2.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-QY5SP (CVE-2026-48014)
Improper authorization control for web services In shopware/core
5.7
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-UYXYA (CVE-2026-48011)
Lack of data validation - Path Traversal In shopware/core
2.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-IXP3Q (CVE-2026-31888)
User enumeration In shopware/core
2.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-N91IY (CVE-2026-31887)
Authentication mechanism absence or evasion In shopware/core
6.3
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-1H0ES (CVE-2026-23498)
Lack of data validation In shopware/core
7.6
High
Ecosystem: Packagist
Package: shopware/core
FLAT-IBE6I (GHSA-2w46-vq8h-98vh)
Account Takeover In shopware/core
8.1
High
Ecosystem: Packagist
Package: shopware/core
FLAT-7G2VY (CVE-2025-30151)
Lack of data validation In shopware/core
6.6
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-QYHBE (CVE-2025-30150)
User enumeration In shopware/core
2.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-EUGZC (CVE-2024-42357)
SQL injection - Code In shopware/core
2.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-LNFE3 (CVE-2024-42356)
Server side template injection In shopware/core
6.2
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-V3QQC (CVE-2024-42354)
Improper authorization control for web services In shopware/core
2.1
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-CWE60 (CVE-2024-31447)
Insecure session management In shopware/core
4.6
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-972PM (CVE-2023-2017)
Server side template injection In shopware/core
6.3
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-FQ6GJ (CVE-2023-22732)
Session Fixation In shopware/core
1.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-MPS57 (CVE-2022-31148)
Server side cross-site scripting In shopware/core
1.2
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-4ZVMG (CVE-2022-31057)
Server side cross-site scripting In shopware/core
1.2
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-ZR2ZZ (CVE-2022-24871)
Server-side request forgery (SSRF) In shopware/core
4.7
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-6ARWQ (CVE-2022-24748)
Authentication mechanism absence or evasion In shopware/core
4.9
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-KV2F0 (CVE-2022-24747)
Sensitive information sent insecurely In shopware/core
2.3
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-HTFXN (CVE-2021-37707)
Lack of data validation In shopware/core
4.9
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-NRDUZ (CVE-2021-37710)
Reflected cross-site scripting (XSS) In shopware/core
6.1
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-2RAML (GHSA-243q-g9j3-qf6r)
Excessive privileges In shopware/core
5.8
Medium
Ecosystem: Packagist
Package: shopware/core
FLAT-7W6BA (GHSA-gpmh-g94g-qrhr)
Business information leak In shopware/core
2.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-3058K (GHSA-g7w8-pp9w-7p32)
Authentication mechanism absence or evasion In shopware/core
2.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-1HM2S (GHSA-qg7c-q3vq-rgxr)
Sensitive information sent insecurely In shopware/core
1.2
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-1LWH3 (GHSA-5q58-x5h2-v5rx)
Authentication mechanism absence or evasion In shopware/core
2.7
Low
Ecosystem: Packagist
Package: shopware/core
FLAT-N8P8Y (GHSA-p68v-frgx-4rjp)
Asymmetric denial of service In shopware/core
6.6
Medium
Ecosystem: Packagist
Package: shopware/core