Homepage

@vendure/core

A modern, headless ecommerce framework
Licenses: GPL-3.0 | MIT
Published: 7 years ago Last updated: 16 days ago Latest version: 3.6.4 Latest non-vulnerable version: 3.7.0-minor-202606170310

License

GPL-3.0>=3.0.0-next.0;
MIT>=0.1.0-alpha.1 <3.0.0-next.0;
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @vendure/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
SQL Injection

>=1.7.4 <2.3.4>=3.0.0-next.0 <3.5.7>=3.6.0 <3.6.2
  • M
Information Exposure

<3.5.3
  • M
Improper Input Validation

<2.1.3
  • M
Cross-site Request Forgery (CSRF)

<2.0.3
  • M
Cross-site Scripting (XSS)

<1.5.2

Package versions

604 VERSIONS IN TOTAL See all versions
versionpublisheddirect vulnerabilities
3.7.0-minor-20260617031017 Jun, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260613030813 Jun, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260611030911 Jun, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260610030910 Jun, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026060903099 Jun, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026060303113 Jun, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-2026060203112 Jun, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260529030929 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260528030928 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L
3.7.0-minor-20260522030922 May, 2026
  • 0
    C
  • 0
    H
  • 0
    M
  • 0
    L