Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2025-58442

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact.

Published: Sep 9, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-58442
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-204

Affected Software
References

No affected software listed.

https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95
https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb
https://github.com/saleor/saleor/releases/tag/3.21.16
https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo