Magento/project-community-edition
This hub aggregates every CVE we track for Magento/project-community-edition, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 161
- Critical: 34
- High: 48
- In CISA KEV: 1
Severity distribution
- MEDIUM: 72
- HIGH: 48
- CRITICAL: 34
- LOW: 7
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Magento/project-community-edition.
- CVE-2025-54267 | Adobe Commerce | Incorrect Authorization (CWE-863) | 6.5
- CVE-2025-54263 | Adobe Commerce | Incorrect Authorization (CWE-863) | 8.1
- CVE-2025-54266 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | 4.8
- CVE-2025-54265 | Adobe Commerce | Incorrect Authorization (CWE-863) | 5.9
- CVE-2025-54264 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | 8.1
- CVE-2025-54236 | Adobe Commerce | Improper Input Validation (CWE-20) | KEV | 9.1
- CVE-2025-49556 | Adobe Commerce | Incorrect Authorization (CWE-863) | 7.5
- CVE-2025-49557 | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) | 8.7
- CVE-2025-49558 | Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) | 5.9
- CVE-2025-49554 | Adobe Commerce | Improper Input Validation (CWE-20) | 7.5
- CVE-2025-49559 | Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | 5.3
- CVE-2025-49555 | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) | 8.1
- CVE-2025-49550 | Adobe Commerce | Incorrect Authorization (CWE-863) | 4.3
- CVE-2025-49549 | Adobe Commerce | Incorrect Authorization (CWE-863) | 2.7
- CVE-2025-27206 | Adobe Commerce | Improper Access Control (CWE-284) | 5.3
Product normalization is registry-driven with AI assist and human review.