Known Vulnerabilities for Magento by Magento
Listed below are 10 of the newest known vulnerabilities associated with "Magento" by "Magento".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-58669 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 ... | Not Provided | 2025-09-22 | 2026-04-01 |
| CVE-2022-24086 | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulner... | 9.8 - CRITICAL | 2022-02-16 | 2022-02-22 |
| CVE-2021-21024 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vu... | 6.5 - MEDIUM | 2021-02-11 | 2023-11-07 |
| CVE-2021-21023 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site sc... | 3.5 - LOW | 2021-02-11 | 2023-11-07 |
| CVE-2021-21022 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct obj... | 5.3 - MEDIUM | 2021-02-11 | 2023-11-07 |
| CVE-2021-21020 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypa... | 4.3 - MEDIUM | 2021-02-11 | 2023-11-07 |
| CVE-2021-21019 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the W... | 9.1 - CRITICAL | 2021-02-11 | 2023-11-07 |
| CVE-2021-21018 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection v... | 9 - HIGH | 2021-02-11 | 2023-11-07 |
| CVE-2021-21016 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection v... | 9 - HIGH | 2021-02-11 | 2023-11-07 |
| CVE-2021-21015 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injectio... | 8.5 - HIGH | 2021-02-11 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Magento | Magento | 2.4.1 | All | All | All |
| Application | Magento | Magento | 2.4.1 | All | All | All |
| Application | Magento | Magento | 2.4.0 | All | All | All |
| Application | Magento | Magento | 2.4.0 | All | All | All |
| Application | Magento | Magento | 2.4.0 | - | All | All |
| Application | Magento | Magento | 2.4.0 | - | All | All |
| Application | Magento | Magento | 2.4.0 | p1 | All | All |
| Application | Magento | Magento | 2.4.0 | p1 | All | All |
| Application | Magento | Magento | 2.3.6 | All | All | All |
| Application | Magento | Magento | 2.3.6 | All | All | All |
| Application | Magento | Magento | 2.3.5 | - | All | All |
| Application | Magento | Magento | 2.3.5 | - | All | All |
| Application | Magento | Magento | 2.3.5 | p1 | All | All |
| Application | Magento | Magento | 2.3.5 | p1 | All | All |
| Application | Magento | Magento | 2.3.5 | p2 | All | All |
| Application | Magento | Magento | 2.3.5 | p2 | All | All |
| Application | Magento | Magento | 2.3.4 | All | All | All |
| Application | Magento | Magento | 2.3.4 | All | All | All |
| Application | Magento | Magento | 2.3.3 | All | All | All |
| Application | Magento | Magento | 2.3.3 | All | All | All |