magento/project-community-edition Security Advisories for 0.74.0-beta5 (39)
- [CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce
PKSA-yyc4-y66r-jjjj CVE-2025-24434 GHSA-fppq-f2m6-xv5c
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Open Source has Improper Access Control vulnerability
PKSA-qzv8-1n8s-nwtw CVE-2022-35692 GHSA-gm4m-9rm8-7rxj
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Authorization vulnerability in the customers module
PKSA-6s73-s4rz-4fyb CVE-2021-28567 GHSA-cc3w-r3w8-hfh7
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
PKSA-1s1d-4jtm-mgtx CVE-2021-28583 GHSA-7gh6-f4jh-3crq
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies
PKSA-jcpc-gqzs-vckj CVE-2021-28556 GHSA-39ch-rg26-gmq5
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper input validation vulnerability
PKSA-kf59-4nmv-jgxn CVE-2021-28585 GHSA-c38m-9668-6j2w
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Path Traversal vulnerability
PKSA-wsvj-3mm9-cfsj CVE-2021-28584 GHSA-7gpv-xrjr-f5h4
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Insufficient Session Expiration
PKSA-zczy-vth9-dsr8 CVE-2021-21031 GHSA-4h3p-63x6-vwg2
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Insufficient Session Expiration
PKSA-srzx-p6c6-js6b CVE-2021-21032 GHSA-4jfq-f8hc-775q
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Insecure Direct Object Reference (IDOR) in the product module
PKSA-m69c-bhkr-wybc CVE-2021-21022 GHSA-8pfq-g48p-x7w8
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento stored cross-site scripting vulnerability in the admin console
PKSA-2j3k-3g44-cnjj CVE-2021-21023 GHSA-h5rm-m772-6qcx
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento improper authorization vulnerability in the integrations module
PKSA-4v3y-vz4c-v2jc CVE-2021-21026 GHSA-crjc-2v9m-8w7r
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
PKSA-nr3b-gd6w-ssxv CVE-2021-21027 GHSA-h4xc-577p-hgj9
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento stored cross-site scripting (XSS) in the customer address upload feature
PKSA-sv5d-15yf-jkvt CVE-2021-21030 GHSA-6988-g89m-27vf
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento XPath Injection
PKSA-vf7x-93bd-9dxz CVE-2021-21025 GHSA-h437-qjj9-vmq4
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control
PKSA-g3cj-592k-1jnk CVE-2021-21020 GHSA-2j6v-829g-885q
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento vulnerable to a file upload restriction bypass
PKSA-9362-vs4v-j6vt CVE-2021-21014 GHSA-269w-pqc7-68q9
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento OS command injection via the WebAPI
PKSA-3x4h-dj99-1bb6 CVE-2021-21016 GHSA-792f-c8mp-2cr5
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento 2 Community Edition RCE via Unsafe File Upload
PKSA-5gcm-4f3h-ccq3 CVE-2020-24407 GHSA-7pxg-6p87-8c9v
Affected version: <=2.0.2
Reported by: GitHub
- [LOW] Magento incorrect user permissions vulnerability within the Inventory component
PKSA-z7pr-jrtx-p1ns CVE-2020-24403 GHSA-39rw-4m66-82gf
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento incorrect permissions vulnerability in the Integrations component
PKSA-k3wv-nm33-qyds CVE-2020-24402 GHSA-hvf5-4jr9-fghh
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento 2 Community Edition Incorrect Authorization
PKSA-897p-xmvy-tt74 CVE-2020-24401 GHSA-f2g3-3c6q-4478
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento DOM-based Cross-site scripting vulnerability
PKSA-hwcd-t2bm-dpxv CVE-2020-9691 GHSA-g7pc-799q-743f
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento path traversal vulnerability
PKSA-vn8z-wfpr-9z9r CVE-2020-9689 GHSA-fr6f-xmfx-rrpq
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento security mitigation bypass vulnerability
PKSA-rwgp-ksc5-wcwr CVE-2020-9632 GHSA-6w29-x5j4-qhrw
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento business logic error vulnerability
PKSA-mxvf-4dqk-jkm7 CVE-2020-9630 GHSA-5j4w-v87m-8r65
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento security mitigation bypass vulnerability
PKSA-kxq8-h6yb-km6x CVE-2020-9631 GHSA-gffx-9f36-r8wp
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Signature verification bypass
PKSA-b4sj-b4fw-vq95 CVE-2020-9588 GHSA-j2r4-2cr6-h3r3
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento authorization bypass vulnerability
PKSA-xt9x-ch8p-mqqg CVE-2020-9587 GHSA-8wm7-h2qh-ff4c
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento Defense-in-depth security mitigation vulnerability
PKSA-7h8p-1s1w-tr6y CVE-2020-9585 GHSA-55gv-hfg3-hwjq
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Stored cross-site scripting
PKSA-pn9b-bn7v-6qgq CVE-2020-9584 GHSA-45h4-6gcj-6hwv
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento command injection vulnerability
PKSA-z6wq-jnnt-bc5n CVE-2020-9583 GHSA-c55h-7q4j-g6rq
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento command injection vulnerability
PKSA-d3r6-279w-y1d1 CVE-2020-9582 GHSA-c3m4-hxv9-4mxj
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-85pv-nkv7-zjm3 CVE-2020-9581 GHSA-2w2x-7qgj-4x78
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento Security mitigation bypass vulnerability
PKSA-fbhc-z78m-yk4d CVE-2020-9580 GHSA-j2jp-58gv-g2pg
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento command injection vulnerability
PKSA-7t4x-z168-kw9z CVE-2020-9578 GHSA-724x-gqhv-9c5x
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-bk74-986b-ccds CVE-2020-9577 GHSA-689w-2f93-2x67
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento command injection vulnerability
PKSA-n1g6-9qfx-sxg9 CVE-2020-9576 GHSA-4f7x-gjqc-qqpg
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-dj7f-ngy7-v828 CVE-2019-8114 GHSA-crv7-r357-gw3w
Affected version: <1.9.4.3
Reported by: GitHub