Sylius — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting Sylius. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-31825 | Sylius has a DQL Injection via API Order Filters | Sylius | CWE-89 | 5.3 | Medium | 2026-03-10 |
| CVE-2026-31824 | Sylius has a Promotion Usage Limit Bypass via Race Condition | Sylius | CWE-362 | 8.2 | High | 2026-03-10 |
| CVE-2026-31823 | Sylius has Authenticated Stored XSS | Sylius | CWE-79 | 4.8 | Medium | 2026-03-10 |
| CVE-2026-31822 | Sylius has a XSS vulnerability in checkout login form | Sylius | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31821 | Sylius is Missing Authorization in API v2 Add Item Endpoint | Sylius | CWE-862 | 5.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31820 | Sylius affected by IDOR in Cart and Checkout LiveComponents | Sylius | CWE-639 | 8.1 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-31819 | Sylius has an Open Redirect via Referer Header | Sylius | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2025-30152 | Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout | PayPalPlugin | CWE-472 | 6.5 | Medium | 2025-03-19 |
| CVE-2025-29788 | Sylius PayPal Plugin Payment Amount Manipulation Vulnerability | PayPalPlugin | CWE-472 | 6.5 | Medium | 2025-03-17 |
| CVE-2021-3841 | Stored Cross-site Scripting (XSS) in sylius/sylius | sylius/sylius | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-40633 | Customer data leak via adjustments API endpoint in Sylius | Sylius | CWE-200 | 5.3 | Medium | 2024-07-17 |
| CVE-2024-34349 | Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel | Sylius | CWE-79 | 4.8 | Medium | 2024-05-10 |
| CVE-2022-24752 | SQL Injection through sorting parameters in SyliusGridBundle | SyliusGridBundle | CWE-89 | 9.8 | Critical | 2022-03-15 |
| CVE-2022-24749 | Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius | Sylius | CWE-80 | 6.1 | Medium | 2022-03-14 |
| CVE-2022-24743 | Insufficient Session Expiration in Sylius | Sylius | CWE-613 | 7.1 | High | 2022-03-14 |
| CVE-2022-24742 | Exposure of Sensitive Information Due to Incompatible Policies in Sylius | Sylius | CWE-200 | 5.0 | Medium | 2022-03-14 |
| CVE-2022-24733 | Improper Restriction of Rendered UI Layers or Frames in Sylius | Sylius | CWE-1021 | 6.1 | Medium | 2022-03-14 |
| CVE-2021-41120 | Unauthorized access to Credit card form in sylius/paypal-plugin | PayPalPlugin | CWE-200 | 7.5 | High | 2021-10-05 |
| CVE-2021-32720 | List of order ids, number, items total and token value exposed for unauthorized uses via new API | Sylius | CWE-200 | 5.3 | Medium | 2021-06-28 |
| CVE-2020-15245 | Email verification bypass in Sylius | Sylius | CWE-79 | 4.3 | Medium | 2020-10-19 |
| CVE-2020-15143 | Remote Code Execution in SyliusResourceBundle | SyliusResourceBundle | CWE-74 | 7.7 | High | 2020-08-19 |
| CVE-2020-15146 | Remote Code Execution in SyliusResourceBundle | SyliusResourceBundle | CWE-74 | 9.6 | Critical | 2020-08-19 |
| CVE-2020-5218 | Ability in Sylius to switch channels via GET parameter enabled in production environments | Sylius | CWE-444 | 4.4 | Medium | 2020-01-27 |
| CVE-2020-5220 | Ability to expose data in Sylius by using an unintended serialisation group | SyliusResourceBundle | CWE-444 | 4.4 | Medium | 2020-01-27 |
| CVE-2019-16768 | Internal exception message exposure for login action in Sylius | Sylius | CWE-209 | 3.5 | Low | 2019-12-05 |

This page lists every published CVE security advisory associated with Sylius. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.