Every CVE whose affected-product data names Openmage Magento, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2021-21426 — CVSS 9.8 (critical): Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and…
CVE-2021-21427 — CVSS 9.1 (critical): Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13…
CVE-2021-41144 — CVSS 8.8 (high): OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to…
CVE-2026-40488 — CVSS 8.8 (high): Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition…
CVE-2026-25524 — CVSS 8.1 (high): Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition…
CVE-2020-15244 — CVSS 8.0 (high): In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can…
CVE-2023-41879 — CVSS 7.5 (high): Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which…
CVE-2021-39217 — CVSS 7.2 (high): OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary…
CVE-2021-41231 — CVSS 7.2 (high): OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via…
CVE-2021-32759 — CVSS 7.2 (high): OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to…
CVE-2021-41143 — CVSS 7.2 (high): OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could…
CVE-2026-40098 — CVSS 5.4 (medium): Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition…
CVE-2026-25523 — CVSS 5.3 (medium): Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered…
CVE-2026-25525 — CVSS 4.9 (medium): Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition…
CVE-2023-23617 — CVSS 4.9 (medium): OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain…
CVE-2025-64174 — CVSS 4.8 (medium): Magento-lts is a long-term support alternative to Magento Community Edition (CE). Versions 20.15.0 and below are affected by a stored…
CVE-2021-21395 — CVSS 4.2 (medium): Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and…
CVE-2024-41676 — CVSS 4.1 (medium): Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome…