threat
engine
.sh
Back
·
··:··
Home
/
Product
/
sylius
Product
sylius
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-31825
< 1.9.12
Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLoc
5.3
MEDIUM
CVE-2026-31824
< 1.9.12
Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in
8.2
HIGH
CVE-2026-31823
>= 2.0.0 and < 2.0.16
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting (XSS) vulnerability exists i
4.8
MEDIUM
CVE-2026-31822
>= 2.0.0 and < 2.0.16
Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout lo
6.1
MEDIUM
CVE-2026-31821
>= 2.0.0 and < 2.0.16
Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/{tokenValue}/items endpoint does not verify
5.3
MEDIUM
CVE-2026-31820
>= 2.0.0 and < 2.0.16
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference (IDOR) vulnerability ex
6.5
MEDIUM
CVE-2026-31819
< 1.9.12
Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction(), ImpersonateUserController::impe
6.1
MEDIUM
CVE-2024-57610
all versions
A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, sign
7.5
HIGH
CVE-2021-3841
< 1.9.10
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files.
5.4
MEDIUM
CVE-2024-29376
all versions
Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.
6.4
MEDIUM
CVE-2022-24752
< 1.10.1
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added
9.8
CRITICAL
CVE-2022-24749
< 1.9.10
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG fil
6.1
MEDIUM
CVE-2022-24743
>= 1.10.0 and < 1.10.11
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null af
7.1
HIGH
CVE-2022-24742
< 1.9.10
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if br
5.0
MEDIUM
CVE-2022-24733
< 1.9.10
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled b
6.1
MEDIUM
CVE-2021-41120
>= 1.0.0 and < 1.2.4
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done
7.5
HIGH
CVE-2021-32720
>= 1.9.0 and < 1.9.5
Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the d
5.3
MEDIUM
CVE-2020-15245
< 1.6.9
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it
4.3
MEDIUM
CVE-2020-15146
<= 1.3.13
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated
9.6
CRITICAL
CVE-2020-15143
<= 1.3.13
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluate
7.7
HIGH
CVE-2020-5220
>= 1.3.0 and <= 1.3.12
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure b
4.4
MEDIUM
CVE-2020-5218
>= 1.3.0 and < 1.3.13
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production enviro
4.4
MEDIUM
CVE-2019-12186
>= 1.0.0 and <= 1.0.18
An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17
4.8
MEDIUM
CVE-2019-16768
< 1.3.14
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Comp
3.5
LOW
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin