Every CVE whose affected-product data names Sylius, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2026-31824 — CVSS 8.2 (high): Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the…
CVE-2024-57610 — CVSS 7.5 (high): A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly…
CVE-2022-24743 — CVSS 7.1 (high): Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the…
CVE-2026-31820 — CVSS 6.5 (medium): Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference (IDOR) vulnerability exists in…
CVE-2024-29376 — CVSS 6.4 (medium): Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.
CVE-2022-24749 — CVSS 6.1 (medium): Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file…
CVE-2026-31822 — CVSS 6.1 (medium): Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form…
CVE-2022-24733 — CVSS 6.1 (medium): Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an…
CVE-2026-31819 — CVSS 6.1 (medium): Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction(), ImpersonateUserController::impersonateAct…
CVE-2021-3841 — CVSS 5.4 (medium): sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This…
CVE-2026-31825 — CVSS 5.3 (medium): Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter…
CVE-2021-32720 — CVSS 5.3 (medium): Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details…
CVE-2026-31821 — CVSS 5.3 (medium): Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/{tokenValue}/items endpoint does not verify cart…
CVE-2022-24742 — CVSS 5.0 (medium): Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab…
CVE-2019-12186 — CVSS 4.8 (medium): An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x…
CVE-2026-31823 — CVSS 4.8 (medium): Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting (XSS) vulnerability exists in…
CVE-2020-5218 — CVSS 4.4 (medium): Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments…
CVE-2019-16768 — CVSS 3.5 (low): In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Secu…