Browse all 7 CVE security advisories affecting spree. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Spree is an open-source e-commerce platform built on Ruby on Rails, serving as a core solution for online retailers. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, with seven CVEs documented to date. Notable security characteristics include its modular architecture, which can introduce complex dependency chains, and past incidents where authentication bypasses allowed unauthorized administrative access. The platform's frequent updates and active community help mitigate risks, but developers must remain vigilant about third-party extensions and proper configuration to prevent exploitation.
GHSA-address-fix2026-02-07GHSA-g268-72p7-9j6j2026-02-07CVE-2026-257582026-02-07GHSA-g268-72p7-9j6j2026-01-20CVE-2026-225882026-01-20Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with spree. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.