Visit our security reporting form to report security vulnerabilities and to take part in our bug bounty program.
Security: shopware/shopware
- Insecure direct object reference of log files of the Import/Export feature: GHSA-54gp-qff8-946c, published Aug 16, 2021 by shyim (Moderate)
- Cross-Site Scripting via SVG media files: GHSA-fc38-mxwr-pfhx, published Aug 16, 2021 by shyim (Low)
- Authenticated server-side request forgery in file upload via URL.: GHSA-gcvv-gq92-x94r, published Aug 16, 2021 by shyim (Low)
- Manipulation of product reviews via API: GHSA-9f8f-574q-8jmf, published Aug 16, 2021 by shyim (Moderate)
- Creation of order credits was not validated by acl in admin orders: GHSA-g7w8-pp9w-7p32, published Jun 24, 2021 by shyim (Low)
- Internal hidden fields are visible on to many associations in admin api: GHSA-gpmh-g94g-qrhr, published Jun 24, 2021 by shyim (Moderate)
- Private files publicly accessible with Cloud Storage providers: GHSA-vrf2-xghr-j52v, published Jun 24, 2021 by shyim (High)
- non-admin users can create integration role with administrator role: GHSA-243q-g9j3-qf6r, published Jun 24, 2021 by shyim (Moderate)
- Canceling of orders not related to the logged-in user: GHSA-wq3r-jwrq-xg6w, published Jun 24, 2021 by shyim (Moderate)
- After order payment process manipulation: GHSA-88rc-3p98-rgvx, published Apr 12, 2021 by shopwareBot (Critical)
Learn more about advisories related to shopware/shopware in the GitHub Advisory Database