Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

spree — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting spree. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by spree:spreespree_auth_devise
CVE IDTitleCVSSSeverityPublished
CVE-2026-25757 Unauthenticated Spree Commerce users can view completed guest orders by Order ID — spreeCWE-639 5.3AIMediumAI2026-02-06
CVE-2026-25758 Spree allows unauthenticated users can access all guest addresses — spreeCWE-639 6.5AIMediumAI2026-02-06
CVE-2026-22589 Spree API has Unauthenticated IDOR - Guest Address — spreeCWE-639 7.5 High2026-01-10
CVE-2026-22588 Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification — spreeCWE-639 6.5 Medium2026-01-08
CVE-2021-41275 Authentication Bypass by CSRF Weakness — spree_auth_deviseCWE-352 9.3 Critical2021-11-17
CVE-2020-26223 Authorization bypass in Spree — spreeCWE-863 7.7 High2020-11-13
CVE-2020-15269 Expired token reuse in Spree — spreeCWE-287 7.4 High2020-10-20

This page lists every published CVE security advisory associated with spree. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.