Known Vulnerabilities for products from Magento
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Magento".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-58669 | Not Provided | 2025-09-22 | 2026-04-01 | |
| CVE-2022-24086 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-16 | 2022-02-22 |
| CVE-2021-36036 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2023-09-06 | 2023-09-14 |
| CVE-2021-36023 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2023-09-06 | 2023-09-11 |
| CVE-2021-36021 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2023-09-06 | 2023-09-14 |
| CVE-2021-28585 | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input val... | 5.3 - MEDIUM | 2021-06-28 | 2021-07-06 |
| CVE-2021-28584 | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vuln... | 7.2 - HIGH | 2021-06-28 | 2021-07-06 |
| CVE-2021-28583 | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure... | 4.2 - MEDIUM | 2021-06-28 | 2021-07-06 |
| CVE-2021-28567 | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authori... | 6.5 - MEDIUM | 2021-09-08 | 2023-11-07 |
| CVE-2021-28566 | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disc... | 2.7 - LOW | 2021-09-08 | 2022-10-18 |
| CVE-2021-28563 | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authoriza... | 6.5 - MEDIUM | 2021-06-28 | 2022-08-02 |
| CVE-2021-28556 | Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Sit... | 4.8 - MEDIUM | 2021-06-28 | 2021-07-02 |
| CVE-2021-21064 | Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector vers... | 4 - MEDIUM | 2021-02-25 | 2023-11-07 |
| CVE-2021-21032 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessio... | 7.5 - HIGH | 2021-02-11 | 2023-11-07 |
| CVE-2021-21031 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessio... | 7.5 - HIGH | 2021-02-11 | 2023-11-07 |
| CVE-2021-21030 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site sc... | 4.3 - MEDIUM | 2021-02-11 | 2023-11-07 |
| CVE-2021-21029 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site S... | 4.8 - MEDIUM | 2021-02-11 | 2022-01-04 |
| CVE-2021-21027 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request for... | 4.3 - MEDIUM | 2021-02-11 | 2023-11-07 |
| CVE-2021-21026 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorizatio... | 4 - MEDIUM | 2021-02-11 | 2023-11-07 |
| CVE-2021-21025 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the p... | 6.5 - MEDIUM | 2021-02-11 | 2023-11-07 |
Known software with vulnerabilities from Magento
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Magento | Advanced Newsletter | 2.3.4 |
| Application | Magento | Magento | 1.0.0 |
| Application | Magento | Magento2 | - |