Vendurehq Vendure
2 CVEs affecting Vendurehq Vendure. Latest disclosed: 2026-04-21. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40887 | Critical | 9.1 | 2026-04-21 | Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection… |
| CVE-2026-25050 | | | 2026-01-30 | Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the `NativeAuthenticationStrategy.authenticate()` method is vulnerable to a timin… |