saleor — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting saleor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39851 | Saleor has a user enumeration vulnerability due to different error messages | saleor | CWE-204 | 5.3 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-35407 | Saleor has Cross-Account Email Change via Unbound Confirmation Token | saleor | CWE-285 | 5.3 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-35401 | Saleor has a resource exhaustion vulnerability in GraphQL queries | saleor | CWE-770 | 7.5 | High | 2026-04-08 |
| CVE-2026-33756 | Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching | saleor | CWE-770 | 7.5 | High | 2026-04-08 |
| CVE-2026-24136 | Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API | saleor | CWE-639 | 7.5 | - | 2026-01-23 |
| CVE-2026-23499 | Saleor vulnerable to stored XSS via Unrestricted File Upload | saleor | CWE-79 | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-22849 | Saleor lacks proper HTML sanitization in rich text fields | saleor | CWE-83 | 5.4 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2025-58442 | Saleor has user enumeration vulnerability due to different error messages | saleor | CWE-204 | 5.3 | Medium | 2025-09-09 |
| CVE-2024-31205 | Saleor CSRF bypass in refreshToken mutation | saleor | CWE-352 | 4.2 | Medium | 2024-04-08 |
| CVE-2024-29888 | Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | saleor | CWE-359 | 4.2 | Medium | 2024-03-27 |
| CVE-2024-29036 | Saleor Storefront session leak in cache | storefront | CWE-200 | 4.3 | Medium | 2024-03-20 |
| CVE-2023-3294 | Cross-site Scripting (XSS) - DOM in saleor/react-storefront | saleor/react-storefront | CWE-79 | 6.1 | - | 2023-06-16 |
| CVE-2023-32694 | Non-constant time HMAC comparison in Adyen plugin in Saleor | saleor | CWE-203 | 4.8 | Medium | 2023-05-25 |
| CVE-2023-26052 | Saleor is vulnerable to unauthenticated information disclosure via Python exceptions | saleor | CWE-209 | 3.7 | Low | 2023-03-02 |
| CVE-2023-26051 | Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions | saleor | CWE-209 | 6.5 | Medium | 2023-03-02 |
| CVE-2022-39275 | Improper object type validation in saleor | saleor | CWE-863 | 5.3 | Medium | 2022-10-06 |
| CVE-2022-0932 | Missing Authorization in saleor/saleor | saleor/saleor | CWE-862 | 7.1 | - | 2022-03-11 |
| CVE-2019-1010304 | Mirumee Saleor access control error vulnerability | Saleor | | 5.3 | - | 2019-07-15 |

This page lists every published CVE security advisory associated with saleor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.