This page aggregates publicly disclosed CVE and security risk information related to Spryker, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-27568 | SQL injection vulnerability in Spryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= | [email protected] | 8.8 | 1.21% | 2023-05-03 | 2026-06-17 |
| CVE-2022-28888 | Spryker Commerce OS 1.4.2 allows Remote Command Execution. | [email protected] | 9.8 | 3.56% | 2022-07-13 | 2026-06-17 |