Skip to main content

Vendure

2 CVEs product

Monthly

CVE-2026-25050 npm MEDIUM PATCH This Month

Vendure versions up to 3.5.3 contains a vulnerability that allows attackers to enumerate valid usernames (email addresses) (CVSS 5.3).

Information Disclosure Vendure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2022-23065 MEDIUM POC PATCH This Month

In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Vendure
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vendure versions up to 3.5.3 contains a vulnerability that allows attackers to enumerate valid usernames (email addresses) (CVSS 5.3).

Information Disclosure Vendure
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Vendure
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy