Security Advisories
This page provides a centralized overview of all vulnerability fixes across Hyvä products. It is intended for security officers, store owners, and integrators auditing their Hyvä installations.
For detailed information about each vulnerability, including affected version ranges and mitigation steps, refer to the per-product security changelogs linked below.
Last Updated
This documentation was last updated on 2026-02-20. For the most recent security information, ensure you're viewing the latest version of this page.
Critical and High-Severity Vulnerabilities
| Product | Version | Date | Summary | Details |
|---|---|---|---|---|
| Hyvä Checkout | 1.1.28 | 2025-01-23 | CRITICAL - Sensitive credentials exposed in browser URL on guest login | Security Changelog |
Per-Product Security Changelogs
- Hyvä Themes - Default Theme and Theme Module vulnerabilities
- Hyvä Checkout - Checkout module vulnerabilities
- Hyvä Commerce - Commerce and Menu Builder vulnerabilities
- Hyvä Enterprise - Adobe Commerce and B2B theme vulnerabilities
Notification Channels
Stay informed about security updates and product releases through our notification channels:
- Slack - Join our community Slack and follow the #update-notifications channel to receive announcements of all product releases, including security patches.
- GitHub Security Advisories - For our open-source projects, vulnerabilities are published to the PHP Security Advisories Database. GitHub Security Advisories will correctly report vulnerabilities, and Composer will actively block installation of a vulnerable version.
- Technology Partner Communication - Technology Partners are informed directly via existing communication channels, often in advance of public announcements. See the list of technology partners.
Reporting Security Vulnerabilities
If you discover a security vulnerability in any Hyvä product, please report it responsibly. For details on how to report and what to include, see Security Compliance - Reporting a Vulnerability.