shopware — Vulnerabilities & Security Advisories 56

Browse all 56 CVE security advisories affecting shopware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32142 | shopware/commercial: `/api/_info/config` route exposes information about licenses — commercial | CWE-200 | 5.3 | Medium | 2026-03-12 |
| CVE-2026-31889 | Shopware has a potential take over of app credentials — core | CWE-290 | 8.9 | High | 2026-03-11 |
| CVE-2026-31888 | Shopware has user enumeration via distinct error codes on Store API login endpoint — core | CWE-204 | 5.3 | Medium | 2026-03-11 |
| CVE-2026-31887 | Shopware unauthenticated data extraction possible through store-api.order endpoint — core | CWE-863 | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-23498 | Shopware Improper Control of Generation of Code in Twig rendered views — shopware | CWE-94 | 7.2 | High | 2026-01-14 |
| CVE-2025-67648 | Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page — shopware | CWE-79 | 7.1 | High | 2025-12-10 |
| CVE-2025-7954 | Race Condition in Shopware Voucher Submission — Shopware | CWE-362 | 5.9 (AI) | Medium (AI) | 2025-08-06 |
| CVE-2025-32378 | Shopware's default newsletter opt-in settings allow for mass sign-up abuse — shopware | CWE-799 | 6.5 (AI) | Medium (AI) | 2025-04-09 |
| CVE-2025-30150 | Shopware 6 allows attackers to check for registered accounts through the store-api — shopware | CWE-204 | 5.3 (AI) | Medium (AI) | 2025-04-08 |
| CVE-2025-30151 | Shopware allows Denial Of Service via password length — shopware | CWE-20 | 7.5 | High | 2025-04-08 |
| CVE-2024-42357 | Shopware vulnerable to blind SQL-injection in DAL aggregations — shopware | CWE-89 | 7.3 | High | 2024-08-08 |
| CVE-2024-42356 | Shopware vulnerable to Server Side Template Injection in Twig using Context functions — shopware | CWE-1336 | 8.3 | High | 2024-08-08 |
| CVE-2024-42355 | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag — shopware | CWE-1336 | 8.3 | High | 2024-08-08 |
| CVE-2024-42354 | Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api — shopware | CWE-284 | 5.3 | Medium | 2024-08-08 |
| CVE-2024-31447 | Shopware has Improper Session Handling in store-api — shopware | CWE-613 | 5.3 | Medium | 2024-04-08 |
| CVE-2024-27917 | Shopware's session is persistent in Cache for 404 pages — shopware | CWE-524 | 7.5 | High | 2024-03-06 |
| CVE-2024-22406 | Blind SQL-injection in DAL aggregations in Shopware — shopware | CWE-89 | 9.3 | Critical | 2024-01-16 |
| CVE-2024-22407 | Broken Access Control order API in Shopware — shopware | CWE-284 | 4.9 | Medium | 2024-01-16 |
| CVE-2024-22408 | Server-Side Request Forgery (SSRF) in Shopware Flow Builder — shopware | CWE-918 | 7.6 | High | 2024-01-16 |
| CVE-2023-34099 | Improper mail validation in Shopware — shopware | CWE-754 | 5.3 | Medium | 2023-06-27 |
| CVE-2023-34098 | Dependency configuration exposed in Shopware — shopware | CWE-200 | 5.3 | Medium | 2023-06-27 |
| CVE-2023-23941 | SwagPayPal payment not sent to PayPal correctly — SwagPayPal | CWE-345 | 7.5 | High | 2023-02-03 |
| CVE-2023-22733 | Improper Output Neutralization in Log Module in shopware — platform | CWE-532 | 2.7 | Low | 2023-01-17 |
| CVE-2023-22732 | Insufficient Session Expiration in Administration in shopware — platform | CWE-613 | 3.7 | Low | 2023-01-17 |
| CVE-2023-22731 | Improper Control of Generation of Code in Twig rendered views in shopware — platform | CWE-94 | 10.0 | Critical | 2023-01-17 |
| CVE-2023-22730 | Improper Input Validation of Clearance sale in cart — platform | CWE-20 | 5.3 | Medium | 2023-01-17 |
| CVE-2023-22734 | Improper Input Newsletter subscription option validation in shopware — platform | CWE-20 | 4.3 | Medium | 2023-01-17 |
| CVE-2022-36102 | Access control list bypassed via crafted specific URLs — shopware | CWE-281 | 6.3 | Medium | 2022-09-12 |
| CVE-2022-36101 | Sensitive data in backend customer module — shopware | CWE-200 | 5.4 | Medium | 2022-09-12 |
| CVE-2022-31148 | Persistent cross site scripting in customer module in Shopware — shopware | CWE-79 | 5.4 | Medium | 2022-08-01 |

This page lists every published CVE security advisory associated with shopware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.