Visit our security reporting form to report security vulnerabilities and to take part in our bug bounty program.
Security: shopware/shopware
Security
SECURITY.md
- Improper Input Newsletter subscription option validation (GHSA-46h7-vj7x-fxg2), published Jan 17, 2023 by shyim. Severity: Moderate
- Server-Side Request Forgery (SSRF) in Admin SDK (GHSA-7gm7-8q8v-9gf2), published Apr 20, 2022 by shyim. Severity: Moderate
- Improper Access Control in SalesChannelContext/Cart (GHSA-9wrv-g75h-8ccc), published Apr 20, 2022 by shyim. Severity: High
- Guest session is shared between customers (GHSA-jp6h-mxhx-pgqh), published Mar 9, 2022 by shyim. Severity: Critical
- HTTP caching is marking private HTTP headers as public (GHSA-6wrh-279j-6hvw), published Mar 9, 2022 by shyim. Severity: High
- Modify Customers, create Orders without App Permission (GHSA-83vp-6jqg-6cmr), published Mar 9, 2022 by shyim. Severity: Low
- HTML injection possibility in voucher code form (GHSA-952p-fqcp-g8pc), published Mar 9, 2022 by shyim. Severity: Moderate
- User session is not logged out if the password is reset via password recovery (GHSA-w267-m9c4-8555), published Mar 9, 2022 by shyim. Severity: Moderate
- Webcache Poisoning via X-Forwarded-Prefix and sub-request (GHSA-r64m-qchj-hrjp), published Nov 24, 2021 by shyim. Severity: Critical
- Command injection in mail agent settings (GHSA-xh55-2fqp-p775), published Aug 16, 2021 by shyim. Severity: Moderate
Learn more about advisories related to shopware/shopware in the GitHub Advisory Database