Sylius — Vulnerabilities & Security Advisories (17)

All 17 CVE vulnerabilities found in Sylius, with AI-generated Chinese analysis, references, and POCs.

Vendor: Sylius

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31825 | Sylius has a DQL Injection via API Order Filters | CWE-89 | 5.3 | Medium | 2026-03-10 |
| CVE-2026-31824 | Sylius has a Promotion Usage Limit Bypass via Race Condition | CWE-362 | 8.2 | High | 2026-03-10 |
| CVE-2026-31823 | Sylius has Authenticated Stored XSS | CWE-79 | 4.8 | Medium | 2026-03-10 |
| CVE-2026-31822 | Sylius has a XSS vulnerability in checkout login form | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31821 | Sylius is Missing Authorization in API v2 Add Item Endpoint | CWE-862 | 5.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31820 | Sylius affected by IDOR in Cart and Checkout LiveComponents | CWE-639 | 8.1 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-31819 | Sylius has an Open Redirect via Referer Header | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2024-40633 | Customer data leak via adjustments API endpoint in Sylius | CWE-200 | 5.3 | Medium | 2024-07-17 |
| CVE-2024-34349 | Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel | CWE-79 | 4.8 | Medium | 2024-05-10 |
| CVE-2022-24749 | Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius | CWE-80 | 6.1 | Medium | 2022-03-14 |
| CVE-2022-24743 | Insufficient Session Expiration in Sylius | CWE-613 | 7.1 | High | 2022-03-14 |
| CVE-2022-24742 | Exposure of Sensitive Information Due to Incompatible Policies in Sylius | CWE-200 | 5.0 | Medium | 2022-03-14 |
| CVE-2022-24733 | Improper Restriction of Rendered UI Layers or Frames in Sylius | CWE-1021 | 6.1 | Medium | 2022-03-14 |
| CVE-2021-32720 | List of order ids, number, items total and token value exposed for unauthorized uses via new API | CWE-200 | 5.3 | Medium | 2021-06-28 |
| CVE-2020-15245 | Email verification bypass in Sylius | CWE-79 | 4.3 | Medium | 2020-10-19 |
| CVE-2020-5218 | Ability in Sylius to switch channels via GET parameter enabled in production environments | CWE-444 | 4.4 | Medium | 2020-01-27 |
| CVE-2019-16768 | Internal exception message exposure for login action in Sylius | CWE-209 | 3.5 | Low | 2019-12-05 |

All 17 known CVE vulnerabilities affecting Sylius with full Chinese analysis, references, and POCs where available.