shopware — Vulnerabilities & Security Advisories 29

All 29 CVE vulnerabilities found in shopware, with AI-generated Chinese analysis, references, and POCs.

Vendor: shopware

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-23498 | Shopware Improper Control of Generation of Code in Twig rendered views | CWE-94 | 7.2 | High | 2026-01-14 |
| CVE-2025-67648 | Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page | CWE-79 | 7.1 | High | 2025-12-10 |
| CVE-2025-7954 | Race Condition in Shopware Voucher Submission | CWE-362 | 5.9 (AI) | Medium (AI) | 2025-08-06 |
| CVE-2025-32378 | Shopware's default newsletter opt-in settings allow for mass sign-up abuse | CWE-799 | 6.5 (AI) | Medium (AI) | 2025-04-09 |
| CVE-2025-30150 | Shopware 6 allows attackers to check for registered accounts through the store-api | CWE-204 | 5.3 (AI) | Medium (AI) | 2025-04-08 |
| CVE-2025-30151 | Shopware allows Denial Of Service via password length | CWE-20 | 7.5 | High | 2025-04-08 |
| CVE-2024-42357 | Shopware vulnerable to blind SQL-injection in DAL aggregations | CWE-89 | 7.3 | High | 2024-08-08 |
| CVE-2024-42356 | Shopware vulnerable to Server Side Template Injection in Twig using Context functions | CWE-1336 | 8.3 | High | 2024-08-08 |
| CVE-2024-42355 | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag | CWE-1336 | 8.3 | High | 2024-08-08 |
| CVE-2024-42354 | Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api | CWE-284 | 5.3 | Medium | 2024-08-08 |
| CVE-2024-31447 | Shopware has Improper Session Handling in store-api | CWE-613 | 5.3 | Medium | 2024-04-08 |
| CVE-2024-27917 | Shopware's session is persistent in Cache for 404 pages | CWE-524 | 7.5 | High | 2024-03-06 |
| CVE-2024-22406 | Blind SQL-injection in DAL aggregations in Shopware | CWE-89 | 9.3 | Critical | 2024-01-16 |
| CVE-2024-22407 | Broken Access Control order API in Shopware | CWE-284 | 4.9 | Medium | 2024-01-16 |
| CVE-2024-22408 | Server-Side Request Forgery (SSRF) in Shopware Flow Builder | CWE-918 | 7.6 | High | 2024-01-16 |
| CVE-2023-34099 | Improper mail validation in Shopware | CWE-754 | 5.3 | Medium | 2023-06-27 |
| CVE-2023-34098 | Dependency configuration exposed in Shopware | CWE-200 | 5.3 | Medium | 2023-06-27 |
| CVE-2022-36102 | Access control list bypassed via crafted specific URLs | CWE-281 | 6.3 | Medium | 2022-09-12 |
| CVE-2022-36101 | Sensitive data in backend customer module | CWE-200 | 5.4 | Medium | 2022-09-12 |
| CVE-2022-31148 | Persistent cross site scripting in customer module in Shopware | CWE-79 | 5.4 | Medium | 2022-08-01 |
| CVE-2022-31057 | Authenticated Stored XSS in Shopware Administration | CWE-79 | 6.5 | Medium | 2022-06-27 |
| CVE-2022-24892 | Multiple valid tokens for password reset in Shopware | CWE-640 | 6.4 | Medium | 2022-04-28 |
| CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation | CWE-352 | 7.5 | High | 2022-04-28 |
| CVE-2022-24873 | Non-Stored Cross-site Scripting in Shopware storefront | CWE-79 | 5.4 | Medium | 2022-04-28 |
| CVE-2022-21652 | Insufficient Session Expiration in shopware | CWE-613 | 3.5 | Low | 2022-01-05 |
| CVE-2022-21651 | Open redirect in shopware | CWE-601 | 6.8 | Medium | 2022-01-05 |
| CVE-2021-41188 | Authenticated Stored XSS in Administration | CWE-79 | 5.7 | Medium | 2021-10-26 |
| CVE-2021-32712 | Information leakage in Error Handler | CWE-200 | 5.3 | Medium | 2021-06-24 |
| CVE-2021-32713 | Authenticated Stored XSS | CWE-79 | 4.8 | Medium | 2021-06-24 |
