- How many CVEs does Magento have?
- Magento has 438 published CVE records since 2015, including 93 in the last two years.
- How many Magento CVEs are in CISA KEV?
- Yes — 3 of Magento's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Magento products have the most CVEs?
- The Magento products with the most published CVEs are magento2, Magento, devdocs, upward connector, upward php.
- What are the most common weakness types in Magento CVEs?
- Magento's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-863 (Incorrect Authorization), CWE-284 (Improper Access Control), CWE-20 (Improper Input Validation).
- Are there public exploits for Magento vulnerabilities?
- Yes — 8 of Magento's CVEs have a known public exploit.
- How many critical Magento vulnerabilities are there?
- Magento has 64 critical and 140 high-severity CVEs.
- What is the average severity of Magento CVEs?
- The average CVSS base score across Magento's scored CVEs is 6.7.