openmage/magento-lts

A fork of Magento-1 that is accepting bug fixes (backward compatible, drop in replacement for official Magento)

Latest v21.0.0-beta2

93%

Total Score

Dependencies

Maturity

100

Supply Chain

100

Vulnerabilities

Title	Versions	Severity
CVE-2026-25523 openmage/magento-lts is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 0.0.0 - 20.16.1.	0.0.0 - 20.16.1	Medium
CVE-2025-64174 openmage/magento-lts is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in versions 0.0.0 - 20.16.0.	0.0.0 - 20.16.0	Medium
CVE-2025-27400 openmage/magento-lts is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in versions 0.0.0 - 20.12.3.	0.0.0 - 20.12.3	Low
CVE-2024-41676 openmage/magento-lts is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in versions 0.0.0 - 20.10.1.	0.0.0 - 20.10.1	Medium
CVE-2023-41879 openmage/magento-lts is vulnerable to Use of Insufficiently Random Values in versions 0.0.0 - 19.5.0 and 20.0.0 - 20.1.0.	0.0.0 - 19.5.020.0.0 - 20.1.0	High

Lee Saferite

Daniel Fahlke aka Flyingmana

David Robinson

Tymoteusz Motylewski

Sven Reichel

Dependency	Last Release	Score
pelago/emogrifier Version ^7.0	—	—
shardj/zf1-future Version 1.24.0	—	—
ezyang/htmlpurifier Version ^4.17	—	—
phpseclib/phpseclib Version ^3.0.14	—	—
symfony/polyfill-php74 Version ^1.29	—	—