Visit our security reporting form to report security vulnerabilities and to take part in our bug bounty program.
Security: shopware5/shopware
Security
SECURITY.md
-
Improper mail validationGHSA-gh66-fp7j-98v5 published
Jun 27, 2023 by mitelgLow -
Dependency configuration exposedGHSA-q97c-2mh3-pgw9 published
Jun 27, 2023 by mitelgLow -
ACL could be bypassed if specific URLs are usedGHSA-qc43-pgwq-3q2q published
Sep 12, 2022 by mitelgLow -
Sensitive data in customer moduleGHSA-6vfq-jmxg-g58r published
Sep 12, 2022 by mitelgLow -
Persistent XSS in customer moduleGHSA-5834-xv5q-cgfw published
Jul 25, 2022 by mitelgModerate -
Authenticated Stored XSS in AdministrationGHSA-q754-vwc4-p6qj published
Jun 22, 2022 by mitelgModerate -
Multiple valid tokens for password resetGHSA-3qrq-r688-vvh4 published
Apr 28, 2022 by mitelgLow -
Malfunction of CSRF token validationGHSA-pf38-v6qj-j23h published
Apr 28, 2022 by mitelgLow -
Not-stored XSS in storefrontGHSA-4g29-fccr-p59w published
Apr 28, 2022 by mitelgLow -
Automatically invalidate sessions upon password changeGHSA-p523-jrph-qjc6 published
Jan 5, 2022 by mitelgModerate
Learn more about advisories related to shopware5/shopware in the GitHub Advisory Database