magento/project-community-edition
Packagist161 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting magento/project-community-editionpage 3 of 4
- CVE-2024-20759HIGHCVSS 8.1EG 8.12024-04-10
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable …
- CVE-2024-39398HIGHCVSS 7.4EG 7.42024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit…
- CVE-2024-39399HIGHCVSS 7.7EG 7.72024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low…
- CVE-2024-39400HIGHCVSS 8.1EG 8.12024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript co…
- CVE-2024-39401HIGHCVSS 8.4EG 8.42024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execut…
- CVE-2024-39402HIGHCVSS 8.4EG 8.42024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execut…
- CVE-2024-39403HIGHCVSS 7.6EG 7.62024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form…
- CVE-2024-39404MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39405MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39407MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39411MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39413MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39414MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39415MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39416MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39417MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39418MEDIUMCVSS 5.4EG 5.42024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2024-39419MEDIUMCVSS 4.3EG 4.32024-08-14
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability …
- CVE-2025-24406HIGHCVSS 7.5EG 7.52025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature…
- CVE-2025-24408MEDIUMCVSS 6.5EG 6.52025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized ac…
- CVE-2025-24409HIGHCVSS 8.2EG 8.22025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabili…
- CVE-2025-24410HIGHCVSS 8.7EG 8.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-24411HIGHCVSS 8.1EG 8.12025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
- CVE-2025-24412HIGHCVSS 8.7EG 8.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-24413HIGHCVSS 8.7EG 8.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-24414HIGHCVSS 8.7EG 8.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-24415HIGHCVSS 8.7EG 8.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-24416HIGHCVSS 8.7EG 8.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-24417HIGHCVSS 8.7EG 8.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-24421MEDIUMCVSS 4.3EG 4.32025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this…
- CVE-2025-24424MEDIUMCVSS 6.5EG 6.52025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
- CVE-2025-24425MEDIUMCVSS 5.3EG 5.32025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to …
- CVE-2025-24427MEDIUMCVSS 6.5EG 6.52025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
- CVE-2025-24428MEDIUMCVSS 5.4EG 5.42025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-24429LOWCVSS 3.5EG 3.52025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged a…
- CVE-2025-24430LOWCVSS 3.7EG 3.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could e…
- CVE-2025-24432LOWCVSS 3.7EG 3.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could e…
- CVE-2025-24434CRITICALCVSS 9.1EG 9.12025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to …
- CVE-2025-24435MEDIUMCVSS 4.3EG 4.32025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vul…
- CVE-2025-24436MEDIUMCVSS 4.3EG 4.32025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this…
- CVE-2025-24437MEDIUMCVSS 5.4EG 5.42025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this…
- CVE-2025-24438HIGHCVSS 8.7EG 8.72025-02-11
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into …
- CVE-2025-27190MEDIUMCVSS 5.3EG 5.32025-04-08
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabilit…
- CVE-2025-27191MEDIUMCVSS 5.3EG 5.32025-04-08
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabilit…
- CVE-2025-27192LOWCVSS 2.7EG 2.72025-04-08
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could …
- CVE-2025-27206MEDIUMCVSS 5.3EG 5.32025-06-10
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to …
- CVE-2025-43585HIGHCVSS 8.2EG 8.22025-06-10
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to b…
- CVE-2025-49549LOWCVSS 2.7EG 2.72025-06-25
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vu…
- CVE-2025-49550MEDIUMCVSS 4.3EG 4.32025-06-25
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to …
- CVE-2025-49554HIGHCVSS 7.5EG 7.52025-08-12
vulnerable: 0.1.0-alpha100 ... 2.0.2 (53 versions)
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit th…
Check whether magento/project-community-edition is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for magento/project-community-edition CVEs against the assets you own.
Start Free Scan →