Magento community edition

This hub aggregates every CVE we track for Magento community edition, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.

Consumer Software

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

CRITICAL6HIGH3MEDIUM3

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 12 most recently published vulnerabilities affecting Magento community edition.

CVE-2020-9577Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead...6.1Jun 26, 2020
CVE-2020-9588Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could l...7.2Jun 26, 2020
CVE-2020-9578Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitr...9.8Jun 26, 2020
CVE-2020-9591Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation c...7.5Jun 26, 2020
CVE-2020-9580Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead ...9.8Jun 26, 2020
CVE-2020-9581Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead...6.1Jun 26, 2020
CVE-2020-9582Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitr...9.8Jun 26, 2020
CVE-2020-9583Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitr...9.8Jun 26, 2020
CVE-2020-9587Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to po...7.5Jun 26, 2020
CVE-2020-9584Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead...5.4Jun 26, 2020
CVE-2020-9579Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead ...9.8Jun 26, 2020
CVE-2020-9585Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation c...9.8Jun 26, 2020

Product normalization is registry-driven with AI assist and human review. How it works