Homepage

@vendure/core

A modern, headless ecommerce framework
Licenses: GPL-3.0 | MIT
Published: 7 years ago Last updated: 4 days ago Latest version: 3.6.2 Latest non-vulnerable version: 3.7.0-minor-202604170307

License

GPL-3.0>=3.0.0-next.0;
MIT>=0.1.0-alpha.1 <3.0.0-next.0;
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @vendure/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
SQL Injection

>=1.7.4 <2.3.4>=3.0.0-next.0 <3.5.7>=3.6.0 <3.6.2
  • M
Information Exposure

<3.5.3
  • M
Improper Input Validation

<2.1.3
  • M
Cross-site Request Forgery (CSRF)

<2.0.3
  • M
Cross-site Scripting (XSS)

<1.5.2

Package versions

541 VERSIONS IN TOTAL See all versions
versionpublisheddirect vulnerabilities
3.7.0-minor-20260417030717 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260416030716 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260415030715 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260414030714 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260410030810 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026040903079 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026040803078 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026040303073 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026040208302 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026040203062 Apr, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L