Openmage Magento-lts
27 CVEs affecting Openmage Magento-lts. Latest disclosed: 2026-05-15. Critical: 2, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-21426 | Critical | 9.8 | 2021-04-21 | Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vu… |
| CVE-2021-21427 | Critical | 9.1 | 2021-04-21 | Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially… |
| CVE-2021-41144 | High | 8.8 | 2023-01-27 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Ve… |
| CVE-2020-26295 | High | 8.7 | 2021-01-21 | OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export dat… |
| CVE-2020-26285 | High | 8.7 | 2021-01-21 | OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code ex… |
| CVE-2020-26252 | High | 8.7 | 2021-01-20 | OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code ex… |
| CVE-2026-25524 | High | 8.1 | 2026-04-20 | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a… |
| CVE-2020-15244 | High | 8.0 | 2020-10-21 | In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger R… |
| CVE-2020-15151 | High | 8.0 | 2020-08-19 | OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface… |
| CVE-2023-41879 | High | 7.5 | 2023-09-11 | Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "pr… |
| CVE-2021-41231 | High | 7.2 | 2023-01-27 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create… |
| CVE-2021-41143 | High | 7.2 | 2023-01-27 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the… |
| CVE-2021-39217 | High | 7.2 | 2023-01-27 | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block method… |
| CVE-2021-32759 | High | 7.2 | 2021-08-27 | OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it… |
| CVE-2021-32758 | High | 7.2 | 2021-08-27 | OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute ar… |
| CVE-2026-42207 | Medium | 6.1 | 2026-05-15 | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a… |
| CVE-2026-25523 | Medium | 5.3 | 2026-02-04 | Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowl… |
| CVE-2026-25525 | Medium | 4.9 | 2026-04-20 | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a… |
| CVE-2023-23617 | Medium | 4.9 | 2023-01-27 | OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions… |
| CVE-2021-21395 | Medium | 4.2 | 2023-01-27 | Magento LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable… |