| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35407 | Saleor has Cross-Account Email Change via Unbound Confirmation Token | saleor | saleor | - | - | 2026-04-08 17:24:40 | Deep Dive |
| CVE-2026-24136 | Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API | saleor | saleor | Medium | - | 2026-01-23 23:38:31 | Deep Dive |
| CVE-2026-23499 | Saleor vulnerable to stored XSS via Unrestricted File Upload | saleor | saleor | - | - | 2026-01-21 21:36:20 | Deep Dive |
| CVE-2026-22849 | Saleor lacks proper HTML sanitization in rich text fields | saleor | saleor | - | - | 2026-01-21 21:31:15 | Deep Dive |
| CVE-2025-58442 | Saleor has user enumeration vulnerability due to different error messages | saleor | saleor | Medium | 5.3 | 2025-09-09 19:46:46 | Deep Dive |
| CVE-2024-31205 | Saleor CSRF bypass in refreshToken mutation | saleor | saleor | Medium | 4.2 | 2024-04-08 14:26:31 | Deep Dive |
| CVE-2024-29888 | Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | saleor | saleor | Medium | 4.2 | 2024-03-27 18:53:45 | Deep Dive |
| CVE-2024-29036 | Saleor Storefront session leak in cache | saleor | storefront | Medium | 4.3 | 2024-03-20 20:39:01 | Deep Dive |
| CVE-2023-3294 | Cross-site Scripting (XSS) - DOM in saleor/react-storefront | saleor | saleor/react-storefront | Medium | - | 2023-06-16 00:00:00 | Deep Dive |
| CVE-2023-32694 | Non-constant time HMAC comparison in Adyen plugin in Saleor | saleor | saleor | Medium | 4.8 | 2023-05-25 14:29:10 | Deep Dive |
| CVE-2023-26052 | Saleor is vulnerable to unauthenticated information disclosure via Python exceptions | saleor | saleor | Low | 3.7 | 2023-03-02 18:54:33 | Deep Dive |
| CVE-2023-26051 | Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions | saleor | saleor | Medium | 6.5 | 2023-03-02 18:29:49 | Deep Dive |
| CVE-2022-39275 | Improper object type validation in saleor | saleor | saleor | Medium | 5.3 | 2022-10-06 00:00:00 | Deep Dive |
| CVE-2022-0932 | Missing Authorization in saleor/saleor | saleor | saleor/saleor | Medium | - | 2022-03-11 00:00:00 | Deep Dive |
| CVE-2020-15085 | Client caching login operation with plaintext password in Saleor Storefront | mirumee | saleor-storefront | Medium | 6.9 | 2020-06-30 16:25:13 | Deep Dive |
| CVE-2019-1010304 | Mirumee Saleor access control error vulnerability | Saleor | Saleor | Medium | - | 2019-07-15 14:45:39 | Deep Dive |