
shopware — Vulnerabilities & Security Advisories 30

All 30 CVE vulnerabilities found in shopware, with AI-generated Chinese analysis, references, and POCs.

This page collects the security vulnerabilities reported against the Shopware e-commerce platform, grouped by weakness type (CWE) and tags. It aggregates advisories from the first report through to the fix, so that developers, system administrators, and security analysts can follow the Shopware security team's vendor advisories, see which weakness classes recur in the platform's architecture, and review the product's full vulnerability history to judge exposure over time. Entries are compiled from official channels and verified security reports. Older issues listed here may still affect unpatched or legacy installations, and the recurring patterns (template injection in Twig, DAL query injection, stored XSS in the administration, session and access-control flaws in the store-api) are a useful guide when prioritising patches and hardening a deployment. The listing is ordered by publication date and shows the CVSS score and severity of each entry so that readers can quickly locate what matters for their release.

Vendor: shopware

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-48011 | Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames | CWE-208 | 3.7 | Low | 2026-06-10
CVE-2026-23498 | Shopware Improper Control of Generation of Code in Twig rendered views | CWE-94 | 7.2 | High | 2026-01-14
CVE-2025-67648 | Shopware's inproper input validation can lead to Reflected XSS through Storefront Login Page | CWE-79 | 7.1 | High | 2025-12-10
CVE-2025-7954 | Race Condition in Shopware Voucher Submission | CWE-362 | 5.9 (AI) | Medium (AI) | 2025-08-06
CVE-2025-32378 | Shopware's default newsletter opt-in settings allow for mass sign-up abuse | CWE-799 | 6.5 (AI) | Medium (AI) | 2025-04-09
CVE-2025-30150 | Shopware 6 allows attackers to check for registered accounts through the store-api | CWE-204 | 5.3 (AI) | Medium (AI) | 2025-04-08
CVE-2025-30151 | Shopware allows Denial Of Service via password length | CWE-20 | 7.5 | High | 2025-04-08
CVE-2024-42357 | Shopware vulnerable to blind SQL-injection in DAL aggregations | CWE-89 | 7.3 | High | 2024-08-08
CVE-2024-42356 | Shopware vulnerable to Server Side Template Injection in Twig using Context functions | CWE-1336 | 8.3 | High | 2024-08-08
CVE-2024-42355 | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag | CWE-1336 | 8.3 | High | 2024-08-08
CVE-2024-42354 | Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api | CWE-284 | 5.3 | Medium | 2024-08-08
CVE-2024-31447 | Shopware has Improper Session Handling in store-api | CWE-613 | 5.3 | Medium | 2024-04-08
CVE-2024-27917 | Shopware's session is persistent in Cache for 404 pages | CWE-524 | 7.5 | High | 2024-03-06
CVE-2024-22406 | Blind SQL-injection in DAL aggregations in Shopware | CWE-89 | 9.3 | Critical | 2024-01-16
CVE-2024-22407 | Broken Access Control order API in Shopware | CWE-284 | 4.9 | Medium | 2024-01-16
CVE-2024-22408 | Server-Side Request Forgery (SSRF) in Shopware Flow Builder | CWE-918 | 7.6 | High | 2024-01-16
CVE-2023-34099 | Improper mail validation in Shopware | CWE-754 | 5.3 | Medium | 2023-06-27
CVE-2023-34098 | Dependency configuration exposed in Shopware | CWE-200 | 5.3 | Medium | 2023-06-27
CVE-2022-36102 | Acess control list bypassed via crafted specific URLs | CWE-281 | 6.3 | Medium | 2022-09-12
CVE-2022-36101 | Sensitive data in backend customer module | CWE-200 | 5.4 | Medium | 2022-09-12
CVE-2022-31148 | Persistent cross site scripting in customer module in Shopware | CWE-79 | 5.4 | Medium | 2022-08-01
CVE-2022-31057 | Authenticated Stored XSS in Shopware Administration | CWE-79 | 6.5 | Medium | 2022-06-27
CVE-2022-24892 | Multiple valid tokens for password reset in Shopware | CWE-640 | 6.4 | Medium | 2022-04-28
CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation | CWE-352 | 7.5 | High | 2022-04-28
CVE-2022-24873 | Non-Stored Cross-site Scripting in Shopware storefront | CWE-79 | 5.4 | Medium | 2022-04-28
CVE-2022-21652 | Insufficient Session Expiration in shopware | CWE-613 | 3.5 | Low | 2022-01-05
CVE-2022-21651 | Open redirect in shopware | CWE-601 | 6.8 | Medium | 2022-01-05
CVE-2021-41188 | Authenticated Stored XSS in Administration | CWE-79 | 5.7 | Medium | 2021-10-26
CVE-2021-32712 | Information leakage in Error Handler | CWE-200 | 5.3 | Medium | 2021-06-24
CVE-2021-32713 | Authenticated Stored XSS | CWE-79 | 4.8 | Medium | 2021-06-24

(AI): the CVSS score and severity for this entry carried an "AI" marker in the source listing rather than a vendor-published rating. Titles are reproduced as published in the advisories.

All 30 known CVE vulnerabilities affecting shopware with full Chinese analysis, references, and POCs where available.