Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

Vendure

Funds programs for the Vendure developer community
Collective - Host: opensource - https://opencollective.com/vendure-ecommerce - Website: https://www.vendure.io/ - Code: https://github.com/vendure-ecommerce

Critical

vendure: GSA_kwCzR0hTQS1yOW1xLTNjOXItZm1qcc4ABARd

Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Ecosystems: npm
Packages: @vendure/asset-server-plugin
Source: github
Published: 2 months ago

Moderate

vendure: GSA_kwCzR0hTQS13bTYzLTc2MjctY2gzM84AA3P1

@vendure/core's insecure currencyCode handling allows wrong payment amounts
Ecosystems: npm
Packages: @vendure/core
Source: github
Published: about 1 year ago

Low

vendure: GSA_kwCzR0hTQS1oOXdxLXhjcXgtbXF4bc4AA0m0

Vendure Cross Site Request Forgery vulnerability impacting all API requests
Ecosystems: npm
Packages: @vendure/core
Source: github
Published: over 1 year ago

Moderate

vendure: GSA_kwCzR0hTQS1nbTY4LTU3MnAtcTI4cs4AA0Q9

@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @vendure/admin-ui-plugin
Source: github
Published: over 1 year ago