openmage/magento-lts

A fork of Magento-1 that is accepting bug fixes (backward compatible, drop in replacement for official Magento)

Latest v21.0.0-beta2

93%

Total Score

Dependencies

Maturity

100

Supply Chain

100

Are you affected? Scan for Free

Vulnerabilities

Title	Versions	Severity
CVE-2026-42458 openmage/magento-lts is vulnerable to Improper Neutralization of Alternate XSS Syntax in versions 0.0.0 - 20.17.0.	0.0.0 - 20.17.0	Medium
CVE-2026-42207 openmage/magento-lts is vulnerable to URL Redirection to Untrusted Site ('Open Redirect') in versions 0.0.0 - 20.17.0.	0.0.0 - 20.17.0	Medium
CVE-2026-42155 openmage/magento-lts is vulnerable to Use of Insufficiently Random Values in versions 0.0.0 - 20.17.0.	0.0.0 - 20.17.0	Critical
CVE-2026-40488 openmage/magento-lts is vulnerable to Unrestricted Upload of File with Dangerous Type in versions 0.0.0 - 20.16.0.	0.0.0 - 20.16.0	High
CVE-2026-40098 openmage/magento-lts is vulnerable to Missing Authorization in versions 0.0.0 - 20.17.0.	0.0.0 - 20.17.0	Medium

Lee Saferite

Daniel Fahlke aka Flyingmana

David Robinson

Tymoteusz Motylewski

Sven Reichel

Dependency	Last Release	Score
pelago/emogrifier Version ^7.0	—	—
shardj/zf1-future Version 1.24.0	—	—
ezyang/htmlpurifier Version ^4.17	—	—
phpseclib/phpseclib Version ^3.0.14	—	—
symfony/polyfill-php74 Version ^1.29	—	—