from 0, < 1.0.0-rc.8
from 0, < 1.0.0-rc.8
HIGH 7.5 CVE-2025-67419 evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
from 0, <= 2.1.0
HIGH 7.5 EverShop vulnerable to improper authorization in GraphQL endpoints
from 0, < 1.0.0-rc.9
HIGH 7.4 EverShop at risk to unauthorized access via weak HMAC secret
from 0, < 1.0.0-rc.9
MEDIUM 6.1 Cross-site Scripting in evershop
from 0, < 1.0.0-rc.8
MEDIUM 6.1 Cross-site Scripting in evershop
from 0, < 1.0.0-rc.5
MEDIUM 6.1 Cross Site Scripting in evershop
from 0, < 1.0.0-rc.5
MEDIUM 5.4 Directory Traversal in evershop
from 0, < 1.0.0-rc.8
MEDIUM 5.3 Directory Traversal in evershop
from 0, < 1.0.0-rc.8
LOW 3.7 EverShop is vulnerable to Unauthorized Order Information Access (IDOR)
from 0, <= 2.1.0
— evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
from 0, <= 2.1.0