Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
spree_storefront 5.1.1 | Vulnerabilities | Sonatype Guide
gem
spree_storefront
5.1.1
spree_storefront 5.1.1
Published
Jul 8, 2025
•
Policy
compliance
gem Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
47
Versions
47
Vulnerabilities
1
Vulnerabilities
1
Dependencies
0
Dependencies
0
Reset filters
Severity
Critical
(0)
High
(0)
Medium
(1)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
5.3
CVE-2026-25757
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users (including names, addresses and phone numbers). This issue has been patched in versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2.
affected
Severity
Medium
Published
Feb 6, 2026
