Homepage

@medusajs/medusa

Building blocks for digital commerce
Licenses: AGPL-3.0 | MIT
Published: 6 years ago Last updated: 22 hours ago Latest version: 2.14.1 Latest non-vulnerable version: 3.0.0-snapshot-20260209084822
This package was involved in a security incident resulting in compromised versions being published. Please verify the versions before use.

License

AGPL-3.0>=0.1.6-alpha.0 <1.0.10;
MIT
>=0.0.0-klarna-shipping-fix-20220718161248 <0.1.6-alpha.0;
>=1.0.10;
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @medusajs/medusa package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • C
Embedded Malicious Code

=2.11.4-preview-20251124090208=2.11.4-preview-20251124060135

Package versions

8061 VERSIONS IN TOTAL See all versions
versionpublisheddirect vulnerabilities
3.0.0-snapshot-202602090848229 Feb, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-2026012519374625 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-2026012314494623 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-2026011918350519 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-2026011709363517 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-2026011613094116 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-2026011412493414 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-2026011214585612 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-2026011116182511 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.0.0-snapshot-202601071706317 Jan, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L