Shopware Platform
25 CVEs affecting Shopware Platform. Latest disclosed: 2026-03-11. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-22731 | Critical | 10.0 | 2023-01-17 | Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to… |
| CVE-2021-32711 | Critical | 9.1 | 2021-06-24 | Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak information via Store-API. The vulnerability could only be fixed by changi… |
| CVE-2026-31889 | High | 8.9 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditi… |
| CVE-2021-37711 | High | 8.8 | 2021-08-16 | Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As worka… |
| CVE-2021-37708 | High | 8.8 | 2021-08-16 | Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 cont… |
| CVE-2022-24872 | High | 8.1 | 2022-04-20 | Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal… |
| CVE-2021-37710 | High | 8.0 | 2021-08-16 | Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 cont… |
| CVE-2021-32717 | High | 7.5 | 2021-06-24 | Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files are publicly accessible with Cloud Storage providers when the hashed URL… |
| CVE-2022-24871 | High | 7.2 | 2022-04-20 | Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server… |
| CVE-2022-24748 | Medium | 6.8 | 2022-03-09 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modif… |
| CVE-2021-37709 | Medium | 6.5 | 2021-08-16 | Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of… |
| CVE-2021-37707 | Medium | 6.5 | 2021-08-16 | Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6… |
| CVE-2022-24747 | Medium | 6.3 | 2022-03-09 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do not properly set sen… |
| CVE-2022-24746 | Medium | 6.1 | 2022-03-09 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions it is possible to inject code v… |
| CVE-2021-32710 | Medium | 5.9 | 2021-06-24 | Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current… |
| CVE-2026-31888 | Medium | 5.3 | 2026-03-11 | Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error cod… |
| CVE-2023-22730 | Medium | 5.3 | 2023-01-17 | Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions it was possible to put the same line item multiple tim… |
| CVE-2021-32709 | Medium | 4.9 | 2021-06-24 | Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommended to update to the current… |
| CVE-2022-24745 | Medium | 4.8 | 2022-03-09 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared betwe… |
| CVE-2021-32716 | Medium | 4.4 | 2021-06-24 | Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been… |