@vendure/core vulnerabilities

A modern, headless ecommerce framework

latest version

3.5.0

latest non vulnerable version

3.5.1-master-202511040232

first published

6 years ago

latest version published

13 days ago

licenses detected

GPL-3.0
>=3.0.0-next.0
MIT
>=0.1.0-alpha.1 <3.0.0-next.0

View core package health on Snyk Advisor (opens in a new tab)

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @vendure/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Improper Input Validation	<2.1.3
M Cross-site Request Forgery (CSRF)	<2.0.3
M Cross-site Scripting (XSS)	<1.5.2

Package versions

392 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
3.5.1-master-202511040232	4 Nov, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202511010232	1 Nov, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202510310232	31 Oct, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202510300232	30 Oct, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202510290233	29 Oct, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202510280230	28 Oct, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202510270234	27 Oct, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202510250229	25 Oct, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202510240229	24 Oct, 2025	0 C 0 H 0 M 0 L
3.5.1-master-202510230230	23 Oct, 2025	0 C 0 H 0 M 0 L