Visit our security reporting form to report security vulnerabilities and to take part in our bug bounty program.
Security: shopware/shopware
Security
SECURITY.md
-
Exposure of .env if project root is configured as web rootGHSA-3pcr-4982-548m published
Apr 12, 2021 by shopwareBotModerate -
Leak of information via Store-API aggregationsGHSA-qg7c-q3vq-rgxr published
Apr 12, 2021 by shopwareBotCritical -
Authenticated remote code executionGHSA-pjj4-jjgc-h3r8 published
Mar 8, 2021 by Phil23Moderate -
Potential Session HijackingGHSA-h9q8-5gv2-v6mg published
Mar 8, 2021 by Phil23Low -
Generation of fake documents via public GET-callGHSA-jvg4-9rc2-wvcr published
Feb 8, 2021 by Phil23Low -
Leak of information via Store-APIGHSA-f2vv-h5x4-57gr published
Feb 8, 2021 by Phil23Critical -
Authenticated Privilege EscalationGHSA-5q58-x5h2-v5rx published
Dec 15, 2020 by pweyckLow -
Authenticated Server Side Request ForgeryGHSA-8pfh-mm2g-hmc3 published
Dec 15, 2020 by pweyckLow -
Information exposure via query strings in URLGHSA-cq6h-w3mc-57f4 published
Dec 15, 2020 by pweyckLow -
Denial of Service via Cache FloodingGHSA-p68v-frgx-4rjp published
Oct 19, 2020 by Phil23Low
Learn more about advisories related to shopware/shopware in the GitHub Advisory Database