Sylius/sylius

This hub aggregates every CVE we track for Sylius/sylius, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Sylius/sylius.

• CVE-2026-31825Sylius has a DQL Injection via API Order Filters5.3Mar 10, 2026
• CVE-2026-31824Sylius has a Promotion Usage Limit Bypass via Race Condition8.2Mar 10, 2026
• CVE-2026-31823Sylius has Authenticated Stored XSS4.8Mar 10, 2026
• CVE-2026-31822Sylius has a XSS vulnerability in checkout login form6.1Mar 10, 2026
• CVE-2026-31821Sylius is Missing Authorization in API v2 Add Item Endpoint5.3Mar 10, 2026
• CVE-2026-31820Sylius affected by IDOR in Cart and Checkout LiveComponents6.5Mar 10, 2026
• CVE-2026-31819Sylius has an Open Redirect via Referer Header6.1Mar 10, 2026
• CVE-2024-57610A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of s...7.5Feb 6, 2025
• CVE-2021-3841Stored Cross-site Scripting (XSS) in sylius/sylius5.4Nov 15, 2024
• CVE-2024-40633Customer data leak via adjustments API endpoint in Sylius5.3Jul 17, 2024
• CVE-2024-34349Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel4.8May 10, 2024
• CVE-2024-29376Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.6.4Apr 22, 2024
• CVE-2022-24749Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius6.1Mar 14, 2022
• CVE-2022-24743Insufficient Session Expiration in Sylius7.1Mar 14, 2022
• CVE-2022-24742Exposure of Sensitive Information Due to Incompatible Policies in Sylius5.0Mar 14, 2022