GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

148,994 advisories

Magento's X-Original-Url header can expose admin url Moderate
GHSA-jg68-vhv3-9r8f was published for openmage/magento-lts (Composer) Feb 2, 2026
Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
GHSA-h9r9-2pxg-cx9m was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation Moderate
CVE-2026-25490 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation Moderate
CVE-2026-25489 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
CVE-2026-25488 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation Moderate
CVE-2026-25487 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation Moderate
CVE-2026-25486 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation Moderate
CVE-2026-25485 was published for craftcms/composer (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS in Product Type Name Moderate
CVE-2026-25484 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am
Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration Moderate
CVE-2026-25483 was published for craftcms/commerce (Composer) Feb 2, 2026
Credited to mHe4am