Known Vulnerabilities for products from Shopware

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Shopware".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-48011 json		Not Provided	2026-06-10	2026-06-11
CVE-2024-22408 json		8.1 - HIGH	2024-01-16	2024-01-24
CVE-2024-22407 json		6.5 - MEDIUM	2024-01-16	2024-01-24
CVE-2024-22406 json		9.8 - CRITICAL	2024-01-16	2024-01-24
CVE-2023-34099 json	Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was pos...	5.3 - MEDIUM	2023-06-27	2023-07-06
CVE-2023-34098 json	Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration ...	5.3 - MEDIUM	2023-06-27	2023-07-05
CVE-2023-23941 json	SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, ...	7.5 - HIGH	2023-02-03	2023-02-15
CVE-2023-22734 json	Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation w...	7.5 - HIGH	2023-01-17	2023-11-07
CVE-2023-22733 json	Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would...	6.5 - MEDIUM	2023-01-17	2023-01-25
CVE-2023-22732 json	Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was...	9.8 - CRITICAL	2023-01-17	2023-11-07
CVE-2023-22731 json	Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandb...	8.8 - HIGH	2023-01-17	2023-11-07
CVE-2023-22730 json	Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to p...	7.5 - HIGH	2023-01-17	2023-11-07
CVE-2023-2017 json	Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/cor...	8.8 - HIGH	2023-04-17	2023-04-28
CVE-2022-48150 json	Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.	6.1 - MEDIUM	2023-04-21	2023-05-03
CVE-2022-36102 json	Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain n...	7.2 - HIGH	2022-09-12	2022-09-15
CVE-2022-36101 json	Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend ...	5.3 - MEDIUM	2022-09-12	2023-07-21
CVE-2022-31148 json	Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability ...	5.4 - MEDIUM	2022-08-01	2022-08-05
CVE-2022-31057 json	Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to...	5.4 - MEDIUM	2022-06-27	2022-07-07
CVE-2022-24956 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	6.5 - MEDIUM	2022-03-29	2022-04-05
CVE-2022-24892 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	7.5 - HIGH	2022-04-28	2022-05-10

Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Shopware

Type	Vendor	Product	Version
Application	Shopware	Shopware	4.0.1