Homepage

@vendure/core

A modern, headless ecommerce framework
Licenses: GPL-3.0 | MIT
Published: 7 years ago Last updated: 20 days ago Latest version: 3.6.3 Latest non-vulnerable version: 3.7.0-minor-202605220309

License

GPL-3.0>=3.0.0-next.0;
MIT>=0.1.0-alpha.1 <3.0.0-next.0;
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @vendure/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
SQL Injection

>=1.7.4 <2.3.4>=3.0.0-next.0 <3.5.7>=3.6.0 <3.6.2
  • M
Information Exposure

<3.5.3
  • M
Improper Input Validation

<2.1.3
  • M
Cross-site Request Forgery (CSRF)

<2.0.3
  • M
Cross-site Scripting (XSS)

<1.5.2

Package versions

581 VERSIONS IN TOTAL See all versions
versionpublisheddirect vulnerabilities
3.7.0-minor-20260522030922 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260521030921 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260520030820 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260519030919 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260518030918 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260516030716 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260515030815 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260512030812 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026050903079 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026050803068 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L