Known Vulnerabilities for products from Saleor
Listed below are 6 of the newest known vulnerabilities associated with the vendor "Saleor".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39851 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-35407 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-35401 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-33756 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2023-32694 json | Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attac... | 5.4 - MEDIUM | 2023-05-25 | 2023-06-01 |
| CVE-2023-26052 json | Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions... | 5.3 - MEDIUM | 2023-03-02 | 2023-03-13 |
| CVE-2023-26051 json | Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions... | 4.3 - MEDIUM | 2023-03-02 | 2023-11-07 |
| CVE-2023-3294 json | Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83e... | 6.1 - MEDIUM | 2023-06-16 | 2023-06-23 |
| CVE-2022-39275 json | Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the I... | 4.3 - MEDIUM | 2022-10-06 | 2023-01-23 |
| CVE-2022-0932 json | Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2. | 6.5 - MEDIUM | 2022-03-11 | 2023-06-29 |