spree_api
RubyGems
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting spree_api (page 1 of 1)
- CVE-2020-26223 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 4.1.12 | 2020-11-13
vulnerable: 4.1.0 ... 4.1.9 (12 versions)
Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 O…
- CVE-2026-25758 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.10.3 | 2026-02-06
vulnerable: 0.30.0 ... 4.9.0 (322 versions)
Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating …