openmage/magento-lts

A fork of Magento-1 that is accepting bug fixes (backward compatible, drop in replacement for official Magento)

Latest v21.0.0-beta2

93%

Total Score

Dependencies

Maturity

100

Supply Chain

100

Are you affected? Scan for Free

Vulnerabilities

Title	Versions	Severity
CVE-2026-40488 New openmage/magento-lts is vulnerable to Unrestricted Upload of File with Dangerous Type in versions 0.0.0 - 20.16.0.	0.0.0 - 20.16.0	High
CVE-2026-40098 New openmage/magento-lts is vulnerable to Missing Authorization in versions 0.0.0 - 20.17.0.	0.0.0 - 20.17.0	Medium
CVE-2026-25525 New openmage/magento-lts is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in versions 0.0.0 - 20.17.0.	0.0.0 - 20.17.0	Medium
CVE-2026-25524 New openmage/magento-lts is vulnerable to Deserialization of Untrusted Data in versions 0.0.0 - 20.17.0.	0.0.0 - 20.17.0	High
CVE-2026-25523 openmage/magento-lts is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 0.0.0 - 20.16.1.	0.0.0 - 20.16.1	Medium

Lee Saferite

Daniel Fahlke aka Flyingmana

David Robinson

Tymoteusz Motylewski

Sven Reichel

Dependency	Last Release	Score
pelago/emogrifier Version ^7.0	—	—
shardj/zf1-future Version 1.24.0	—	—
ezyang/htmlpurifier Version ^4.17	—	—
phpseclib/phpseclib Version ^3.0.14	—	—
symfony/polyfill-php74 Version ^1.29	—	—