
Sylius — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting Sylius. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sylius is an open-source e-commerce framework built on the Symfony PHP framework, aimed at developers who want a flexible base for custom online stores. It is a conventional web application with a large admin panel, a storefront, and an API, so its recorded CVEs are almost all application-layer flaws. The advisories listed below cluster into a few classes: injection into query construction (SQL injection through grid sorting parameters in SyliusGridBundle, DQL injection via API order filters); stored and reflected cross-site scripting in admin and storefront forms; missing authorization, insecure direct object references and information exposure in API endpoints and checkout components; business-logic flaws in payment and promotion handling (order and amount manipulation in the PayPal plugin, a promotion usage-limit race condition); and two remote code execution issues in SyliusResourceBundle. Several entries belong to separately versioned bundles and plugins rather than the core package, so an up-to-date core does not by itself cover them. The project has an active security process, but the Symfony dependency tree adds third-party exposure on top of Sylius's own code. Operators should keep core, bundles and plugins current, track advisories for each installed plugin, and treat any request parameter that reaches a query, a redirect target or a rendered template as untrusted.
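The injection entries in this list (SQL injection through sorting parameters, DQL injection via API filters) share one root cause: a request parameter that names a field or a sort direction is concatenated into query text. The sketch below is an added illustration of that bug class and its usual fix; it is not SyliusGridBundle or Sylius code and not the patch from any advisory here. The entity, field and parameter names (App\Entity\Order, o.total, minTotal) and the attacker payload are invented for the example, and the query is built as a plain string so it runs with the php CLI alone, without Doctrine installed.

```php
<?php
declare(strict_types=1);

// Added example: generic "sort/filter parameter reaches the query text" bug
// class and an allow-list fix. Not Sylius/SyliusGridBundle code; all entity
// and field names are invented.

/**
 * Vulnerable pattern: the caller-supplied field name and direction are
 * spliced verbatim into the DQL, so whatever the caller sends becomes part
 * of the query.
 */
function buildOrderQueryUnsafe(string $sortField, string $direction): string
{
    return "SELECT o FROM App\\Entity\\Order o ORDER BY o.$sortField $direction";
}

/**
 * Hardened pattern: user input is only ever a lookup key into a fixed map
 * of sortable fields, the direction is checked against two literals, and
 * filter values travel as bound parameters rather than query text.
 *
 * @return array{dql: string, params: array<string, mixed>}
 */
function buildOrderQuery(string $sortKey, string $direction, ?string $minTotal = null): array
{
    $allowedSorts = [
        'number' => 'o.number',
        'total'  => 'o.total',
        'date'   => 'o.checkoutCompletedAt',
    ];
    if (!array_key_exists($sortKey, $allowedSorts)) {
        throw new InvalidArgumentException(sprintf('Unknown sort key "%s"', $sortKey));
    }

    $direction = strtoupper($direction);
    if (!in_array($direction, ['ASC', 'DESC'], true)) {
        throw new InvalidArgumentException('Sort direction must be ASC or DESC');
    }

    $dql    = 'SELECT o FROM App\\Entity\\Order o';
    $params = [];
    if ($minTotal !== null) {
        // Validate the shape of the value, then bind it; it never touches $dql.
        if (!preg_match('/^\d+$/', $minTotal)) {
            throw new InvalidArgumentException('minTotal must be a non-negative integer');
        }
        $dql .= ' WHERE o.total >= :minTotal';
        $params['minTotal'] = (int) $minTotal;
    }
    $dql .= sprintf(' ORDER BY %s %s', $allowedSorts[$sortKey], $direction);

    return ['dql' => $dql, 'params' => $params];
}

// Constructed attacker input: a field name that carries extra query syntax.
$payload = 'total, (SELECT COUNT(u) FROM App\\Entity\\User u)';

echo 'unsafe: ', buildOrderQueryUnsafe($payload, 'DESC'), PHP_EOL;

try {
    buildOrderQuery($payload, 'DESC');
} catch (InvalidArgumentException $e) {
    echo 'safe:   rejected: ', $e->getMessage(), PHP_EOL;
}

$q = buildOrderQuery('total', 'desc', '1000');
echo 'safe:   ', $q['dql'], ' with ', json_encode($q['params']), PHP_EOL;
```

Run it with `php example.php`. The first line shows the payload embedded in the query text; the hardened builder rejects the same payload and, for a legitimate request, emits a query whose only user-derived parts are a mapped column name, a validated keyword and a bound integer. When reviewing a grid or API filter layer, the question to ask of each parameter is which of those three forms it takes.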

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-31825 | Sylius has a DQL Injection via API Order Filters | Sylius | CWE-89 | 5.3 | Medium | 2026-03-10 |
| CVE-2026-31824 | Sylius has a Promotion Usage Limit Bypass via Race Condition | Sylius | CWE-362 | 8.2 | High | 2026-03-10 |
| CVE-2026-31823 | Sylius has Authenticated Stored XSS | Sylius | CWE-79 | 4.8 | Medium | 2026-03-10 |
| CVE-2026-31822 | Sylius has an XSS vulnerability in checkout login form | Sylius | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31821 | Sylius is Missing Authorization in API v2 Add Item Endpoint | Sylius | CWE-862 | 5.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31820 | Sylius affected by IDOR in Cart and Checkout LiveComponents | Sylius | CWE-639 | 8.1 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-31819 | Sylius has an Open Redirect via Referer Header | Sylius | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2025-30152 | Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout | PayPalPlugin | CWE-472 | 6.5 | Medium | 2025-03-19 |
| CVE-2025-29788 | Sylius PayPal Plugin Payment Amount Manipulation Vulnerability | PayPalPlugin | CWE-472 | 6.5 | Medium | 2025-03-17 |
| CVE-2021-3841 | Stored Cross-site Scripting (XSS) in sylius/sylius | sylius/sylius | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-40633 | Customer data leak via adjustments API endpoint in Sylius | Sylius | CWE-200 | 5.3 | Medium | 2024-07-17 |
| CVE-2024-34349 | Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel | Sylius | CWE-79 | 4.8 | Medium | 2024-05-10 |
| CVE-2022-24752 | SQL Injection through sorting parameters in SyliusGridBundle | SyliusGridBundle | CWE-89 | 9.8 | Critical | 2022-03-15 |
| CVE-2022-24749 | Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius | Sylius | CWE-80 | 6.1 | Medium | 2022-03-14 |
| CVE-2022-24743 | Insufficient Session Expiration in Sylius | Sylius | CWE-613 | 7.1 | High | 2022-03-14 |
| CVE-2022-24742 | Exposure of Sensitive Information Due to Incompatible Policies in Sylius | Sylius | CWE-200 | 5.0 | Medium | 2022-03-14 |
| CVE-2022-24733 | Improper Restriction of Rendered UI Layers or Frames in Sylius | Sylius | CWE-1021 | 6.1 | Medium | 2022-03-14 |
| CVE-2021-41120 | Unauthorized access to Credit card form in sylius/paypal-plugin | PayPalPlugin | CWE-200 | 7.5 | High | 2021-10-05 |
| CVE-2021-32720 | List of order ids, number, items total and token value exposed to unauthorized users via new API | Sylius | CWE-200 | 5.3 | Medium | 2021-06-28 |
| CVE-2020-15245 | Email verification bypass in Sylius | Sylius | CWE-79 | 4.3 | Medium | 2020-10-19 |
| CVE-2020-15143 | Remote Code Execution in SyliusResourceBundle | SyliusResourceBundle | CWE-74 | 7.7 | High | 2020-08-19 |
| CVE-2020-15146 | Remote Code Execution in SyliusResourceBundle | SyliusResourceBundle | CWE-74 | 9.6 | Critical | 2020-08-19 |
| CVE-2020-5218 | Ability in Sylius to switch channels via GET parameter enabled in production environments | Sylius | CWE-444 | 4.4 | Medium | 2020-01-27 |
| CVE-2020-5220 | Ability to expose data in Sylius by using an unintended serialisation group | SyliusResourceBundle | CWE-444 | 4.4 | Medium | 2020-01-27 |
| CVE-2019-16768 | Internal exception message exposure for login action in Sylius | Sylius | CWE-209 | 3.5 | Low | 2019-12-05 |

Scores marked (AI) were assigned by the site's automated analysis rather than taken from the published advisory; verify them against the vendor advisory or NVD before using them for prioritisation.

This page lists every published CVE security advisory associated with Sylius. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.