| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31825 | Sylius has a DQL Injection via API Order Filters | Sylius | Sylius | Medium | 5.3 | 2026-03-10 21:33:26 | Deep Dive |
| CVE-2026-31824 | Sylius has a Promotion Usage Limit Bypass via Race Condition | Sylius | Sylius | High | 8.2 | 2026-03-10 21:32:17 | Deep Dive |
| CVE-2026-31823 | Sylius has Authenticated Stored XSS | Sylius | Sylius | Medium | 4.8 | 2026-03-10 21:29:14 | Deep Dive |
| CVE-2026-31822 | Sylius has a XSS vulnerability in checkout login form | Sylius | Sylius | - | - | 2026-03-10 21:27:39 | Deep Dive |
| CVE-2026-31821 | Sylius is Missing Authorization in API v2 Add Item Endpoint | Sylius | Sylius | - | - | 2026-03-10 21:25:20 | Deep Dive |
| CVE-2026-31820 | Sylius affected by IDOR in Cart and Checkout LiveComponents | Sylius | Sylius | - | - | 2026-03-10 21:22:37 | Deep Dive |
| CVE-2026-31819 | Sylius has an Open Redirect via Referer Header | Sylius | Sylius | - | - | 2026-03-10 21:19:00 | Deep Dive |
| CVE-2025-30152 | Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout | Sylius | PayPalPlugin | Medium | 6.5 | 2025-03-19 15:57:32 | Deep Dive |
| CVE-2025-29788 | Sylius PayPal Plugin Payment Amount Manipulation Vulnerability | Sylius | PayPalPlugin | Medium | 6.5 | 2025-03-17 13:25:24 | Deep Dive |
| CVE-2021-3841 | Stored Cross-site Scripting (XSS) in sylius/sylius | sylius | sylius/sylius | - | - | 2024-11-15 10:52:01 | Deep Dive |
| CVE-2024-40633 | Customer data leak via adjustments API endpoint in Sylius | Sylius | Sylius | Medium | 5.3 | 2024-07-17 17:51:46 | Deep Dive |
| CVE-2024-34349 | Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel | Sylius | Sylius | Medium | 4.8 | 2024-05-10 15:29:40 | Deep Dive |
| CVE-2022-24752 | SQL Injection through sorting parameters in SyliusGridBundle | Sylius | SyliusGridBundle | Critical | 9.8 | 2022-03-15 14:40:13 | Deep Dive |
| CVE-2022-24749 | Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius | Sylius | Sylius | Medium | 6.1 | 2022-03-14 21:45:13 | Deep Dive |
| CVE-2022-24743 | Insufficient Session Expiration in Sylius | Sylius | Sylius | High | 7.1 | 2022-03-14 21:00:14 | Deep Dive |
| CVE-2022-24742 | Exposure of Sensitive Information Due to Incompatible Policies in Sylius | Sylius | Sylius | Medium | 5.0 | 2022-03-14 19:20:10 | Deep Dive |
| CVE-2022-24733 | Improper Restriction of Rendered UI Layers or Frames in Sylius | Sylius | Sylius | Medium | 6.1 | 2022-03-14 18:50:10 | Deep Dive |
| CVE-2021-41120 | Unauthorized access to Credit card form in sylius/paypal-plugin | Sylius | PayPalPlugin | High | 7.5 | 2021-10-05 20:35:10 | Deep Dive |
| CVE-2021-32720 | List of order ids, number, items total and token value exposed for unauthorized uses via new API | Sylius | Sylius | Medium | 5.3 | 2021-06-28 18:45:11 | Deep Dive |
| CVE-2020-15245 | Email verification bypass in Sylius | Sylius | Sylius | Medium | 4.3 | 2020-10-19 20:50:16 | Deep Dive |