Shopware Security Vulnerabilities (CVEs)
Track 12 security vulnerabilities affecting Shopware products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a code injection vulnerability in Shopware's map() function where PHP Closures can bypass allow-list validation. It affects Shopwar...
Jan 14, 2026A race condition vulnerability in Shopware's voucher system allows attackers to bypass voucher restrictions and exceed usage limits. This affects Shop...
Aug 6, 2025Shopware's sw_silent_feature_call Twig tag has improper input escaping, allowing code execution through the feature flag name parameter. This affects ...
Aug 8, 2024This CVE describes a SQL injection vulnerability in Shopware's application API search functionality. Attackers can exploit the 'name' field in the 'ag...
Aug 8, 2024This vulnerability in Shopware allows session fixation attacks where cached 404 pages inadvertently expose session cookies to subsequent users. Attack...
Mar 6, 2024This CVE describes a SQL injection vulnerability in Shopware's API search functionality. Attackers can exploit the 'name' field in aggregations parame...
Jan 16, 2024This vulnerability in Shopware's Flow Builder allows attackers to bypass URL validation in webhook actions, enabling Server-Side Request Forgery (SSRF...
Jan 16, 2024This CVE describes an integrity vulnerability in SwagPayPal's JavaScript-based PayPal checkout methods where the payment amount and item list sent to ...
Feb 3, 2023Shopware versions before 5.7.9 have a CSRF token validation flaw that allows attackers to bypass CSRF protection. This enables unauthorized actions to...
Apr 28, 2022CVE-2022-24872 is an incorrect permission assignment vulnerability in Shopware where permissions granted via admin API in sales channel context remain...
Apr 20, 2022CVE-2022-24871 is a server-side request forgery (SSRF) vulnerability in Shopware's Admin SDK functionality that allows attackers to read or update int...
Apr 20, 2022This CVE describes a Cross-Site Scripting (XSS) vulnerability in Shopware eCommerce platform that allows attackers to inject malicious scripts via SVG...
Aug 16, 2021Why Monitor Shopware Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 12+ known vulnerabilities affecting Shopware products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Shopware packages in under 60 seconds. No agents required - completely agentless scanning that works across Shopware deployments.
Free vulnerability database: Access detailed information about every Shopware CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Shopware CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
