Browse all 25 CVE security advisories affecting Sylius. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Sylius is an open-source e-commerce framework built on the Symfony PHP framework, designed for developers seeking a flexible foundation for custom online stores. Its architecture relies heavily on standard web technologies, making it susceptible to typical application-layer vulnerabilities. Historically, recorded Common Vulnerabilities and Exposures (CVEs) frequently involve SQL injection, cross-site scripting (XSS), and insecure direct object references, stemming from complex form handling and API endpoints. While the project maintains an active security team, the sheer volume of dependencies inherent in Symfony-based applications increases the attack surface. Notable incidents have primarily focused on authentication bypasses and privilege escalation flaws within administrative interfaces rather than widespread data breaches. Users must prioritize regular dependency updates and strict input validation to mitigate risks associated with its extensive plugin ecosystem and custom implementation requirements.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-30152 | Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout — PayPalPluginCWE-472 | 6.5 | Medium | 2025-03-19 |
| CVE-2025-29788 | Sylius PayPal Plugin Payment Amount Manipulation Vulnerability — PayPalPluginCWE-472 | 6.5 | Medium | 2025-03-17 |
| CVE-2021-41120 | Unauthorized access to Credit card form in sylius/paypal-plugin — PayPalPluginCWE-200 | 7.5 | High | 2021-10-05 |
This page lists every published CVE security advisory associated with Sylius. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.