magento/community-edition
Packagist | 317 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting magento/community-edition (page 7 of 7)
- CVE-2024-45129 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-10-10
vulnerable: 2.4.4
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to …
- CVE-2024-45130 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-10-10
vulnerable: 2.4.4
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerabilit…
- CVE-2024-45131 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-10-10
vulnerable: 2.4.4
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability…
- CVE-2024-45132 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-10-10
vulnerable: 2.4.4
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to b…
- CVE-2024-45133 | LOW | CVSS 2.7 | EG 2.7 | 2024-10-10
vulnerable: 2.4.4
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a…
- CVE-2024-45134 | LOW | CVSS 2.7 | EG 2.7 | 2024-10-10
vulnerable: 2.4.4
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a…
- CVE-2024-45135 | LOW | CVSS 2.7 | EG 2.7 | 2024-10-10
vulnerable: 2.4.4
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to byp…
- CVE-2024-45149 | LOW | CVSS 2.7 | EG 2.7 | 2024-10-10
vulnerable: 2.4.4
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerabili…
- CVE-2025-24425 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.4.7-p4 | 2025-02-11
vulnerable: 2.4.7 ... 2.4.7-p3 (7 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to …
- CVE-2025-24430 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 2.4.7-p4 | 2025-02-11
vulnerable: 2.4.7 ... 2.4.7-p3 (7 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could e…
- CVE-2025-24432 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 2.4.7-p4 | 2025-02-11
vulnerable: 2.4.7 ... 2.4.7-p3 (7 versions)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could e…
- CVE-2025-27191 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.4.7-p5 | 2025-04-08
vulnerable: 2.4.7 ... 2.4.7-p4 (8 versions)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabilit…
- CVE-2025-27192 | LOW | CVSS 2.7 | EG 2.7 | ✓ Fixed in 2.4.7-p5 | 2025-04-08
vulnerable: 2.4.7 ... 2.4.7-p4 (8 versions)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could …
- CVE-2025-43585 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 2.4.7-p6 | 2025-06-10
vulnerable: 2.4.7 ... 2.4.7-p5 (9 versions)
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to b…
- CVE-2025-49558 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.4.9-alpha2 | 2025-08-12
vulnerable: 2.4.9-alpha1
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An atta…
- CVE-2025-54236 | CRITICAL | CVSS 9.1 | EG 9.1 | ⚠ KEV | 2025-09-09
vulnerable: 2.4.9
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing …
- CVE-2025-54265 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-10-14
vulnerable: 2.4.6
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and g…