shopware — Vulnerabilities & Security Advisories 56

Browse all 56 CVE security advisories affecting shopware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Shopware is an open-source e-commerce platform primarily utilized by mid-sized enterprises to manage online storefronts and complex product catalogs. Its architecture, built on PHP and Symfony components, has historically exposed it to a range of web application vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection. Recent records indicate approximately 56 Common Vulnerabilities and Exposures (CVEs), reflecting ongoing challenges with input validation and access control mechanisms. Notable incidents often stem from insecure default configurations or delayed patching of critical plugins, allowing attackers to escalate privileges or execute arbitrary code. The platform’s modular extension system further complicates security hygiene, as third-party modules may introduce unvetted code paths. Consequently, administrators must rigorously audit dependencies and apply updates promptly to mitigate risks associated with its extensive feature set and frequent codebase modifications.

Found 29 results / 56

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-23498 | Shopware Improper Control of Generation of Code in Twig rendered views — shopware | CWE-94 | 7.2 | High | 2026-01-14 |
| CVE-2025-67648 | Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page — shopware | CWE-79 | 7.1 | High | 2025-12-10 |
| CVE-2025-7954 | Race Condition in Shopware Voucher Submission — Shopware | CWE-362 | 5.9 (AI) | Medium (AI) | 2025-08-06 |
| CVE-2025-32378 | Shopware's default newsletter opt-in settings allow for mass sign-up abuse — shopware | CWE-799 | 6.5 (AI) | Medium (AI) | 2025-04-09 |
| CVE-2025-30150 | Shopware 6 allows attackers to check for registered accounts through the store-api — shopware | CWE-204 | 5.3 (AI) | Medium (AI) | 2025-04-08 |
| CVE-2025-30151 | Shopware allows Denial Of Service via password length — shopware | CWE-20 | 7.5 | High | 2025-04-08 |
| CVE-2024-42357 | Shopware vulnerable to blind SQL-injection in DAL aggregations — shopware | CWE-89 | 7.3 | High | 2024-08-08 |
| CVE-2024-42356 | Shopware vulnerable to Server Side Template Injection in Twig using Context functions — shopware | CWE-1336 | 8.3 | High | 2024-08-08 |
| CVE-2024-42355 | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag — shopware | CWE-1336 | 8.3 | High | 2024-08-08 |
| CVE-2024-42354 | Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api — shopware | CWE-284 | 5.3 | Medium | 2024-08-08 |
| CVE-2024-31447 | Shopware has Improper Session Handling in store-api — shopware | CWE-613 | 5.3 | Medium | 2024-04-08 |
| CVE-2024-27917 | Shopware's session is persistent in Cache for 404 pages — shopware | CWE-524 | 7.5 | High | 2024-03-06 |
| CVE-2024-22406 | Blind SQL-injection in DAL aggregations in Shopware — shopware | CWE-89 | 9.3 | Critical | 2024-01-16 |
| CVE-2024-22407 | Broken Access Control order API in Shopware — shopware | CWE-284 | 4.9 | Medium | 2024-01-16 |
| CVE-2024-22408 | Server-Side Request Forgery (SSRF) in Shopware Flow Builder — shopware | CWE-918 | 7.6 | High | 2024-01-16 |
| CVE-2023-34099 | Improper mail validation in Shopware — shopware | CWE-754 | 5.3 | Medium | 2023-06-27 |
| CVE-2023-34098 | Dependency configuration exposed in Shopware — shopware | CWE-200 | 5.3 | Medium | 2023-06-27 |
| CVE-2022-36102 | Access control list bypassed via crafted specific URLs — shopware | CWE-281 | 6.3 | Medium | 2022-09-12 |
| CVE-2022-36101 | Sensitive data in backend customer module — shopware | CWE-200 | 5.4 | Medium | 2022-09-12 |
| CVE-2022-31148 | Persistent cross site scripting in customer module in Shopware — shopware | CWE-79 | 5.4 | Medium | 2022-08-01 |
| CVE-2022-31057 | Authenticated Stored XSS in Shopware Administration — shopware | CWE-79 | 6.5 | Medium | 2022-06-27 |
| CVE-2022-24892 | Multiple valid tokens for password reset in Shopware — shopware | CWE-640 | 6.4 | Medium | 2022-04-28 |
| CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation — shopware | CWE-352 | 7.5 | High | 2022-04-28 |
| CVE-2022-24873 | Non-Stored Cross-site Scripting in Shopware storefront — shopware | CWE-79 | 5.4 | Medium | 2022-04-28 |
| CVE-2022-21652 | Insufficient Session Expiration in shopware — shopware | CWE-613 | 3.5 | Low | 2022-01-05 |
| CVE-2022-21651 | Open redirect in shopware — shopware | CWE-601 | 6.8 | Medium | 2022-01-05 |
| CVE-2021-41188 | Authenticated Stored XSS in Administration — shopware | CWE-79 | 5.7 | Medium | 2021-10-26 |
| CVE-2021-32712 | Information leakage in Error Handler — shopware | CWE-200 | 5.3 | Medium | 2021-06-24 |
| CVE-2021-32713 | Authenticated Stored XSS — shopware | CWE-79 | 4.8 | Medium | 2021-06-24 |

This page lists every published CVE security advisory associated with shopware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.