
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

TYPO3 Unverified Password Change for Backend Users (Low severity)
CVE-2025-47938 was published for typo3/cms-core (Composer) May 20, 2025
Credited to bnf
TYPO3 CMS Webhooks Server Side Request Forgery (Low severity)
CVE-2025-47936 was published for typo3/cms-webhooks (Composer) May 20, 2025
Credited to bnf
Denial of Service in TYPO3 Bookmark Toolbar (Low severity)
CVE-2024-34537 was published for typo3/cms-backend (Composer) Oct 8, 2024
Credited to ohader, bnf, and Eichner
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController (Moderate severity)
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
Credited to derhansen, bnf, and bmack
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module (Moderate severity)
CVE-2024-34356 was published for typo3/cms-core (Composer) May 14, 2024
Credited to bnf
TYPO3 vulnerable to an HTML Injection in the History Module (Low severity)
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
Credited to andreaskienast and bnf
TYPO3 Install Tool vulnerable to Code Execution (High severity)
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
Credited to bnf
Path Traversal in TYPO3 File Abstraction Layer Storages (Moderate severity)
CVE-2023-30451 was published for typo3/cms-core (Composer) Feb 13, 2024
Credited to ohader and bnf
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme (Moderate severity)
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
Credited to sushiwushi and bnf
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key (Moderate severity)
CVE-2024-25119 was published for typo3/cms-core (Composer) Feb 13, 2024
Credited to bnf
TYPO3 vulnerable to Weak Authentication in Session Handling (Moderate severity)
CVE-2023-47127 was published for typo3/cms-core (Composer) Nov 14, 2023
Credited to dogawaf, bnf, and ohader
Cross-Site Scripting in CKEditor4 WordCount Plugin (Moderate severity)
GHSA-m8fw-p3cr-6jqc was published for typo3/cms-rte-ckeditor (Composer) Jul 25, 2023
Credited to sypets, ohader, and bnf
By-passing Cross-Site Scripting Protection in HTML Sanitizer (Moderate severity)
CVE-2023-38500 was published for typo3/html-sanitizer (Composer) Jul 25, 2023
Credited to leeN, Yaniv-git, ohader, and bnf
Information Disclosure due to Out-of-scope Site Resolution (Low severity)
CVE-2023-38499 was published for typo3/cms-core (Composer) Jul 25, 2023
Credited to fe-hicking, ohader, and bnf
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering (High severity)
CVE-2023-24814 was published for typo3/cms (Composer) Feb 8, 2023
Credited to bnf
HTTP Host Header Injection (Moderate severity)
CVE-2021-41114 was published for typo3/cms (Composer) Oct 5, 2021
Credited to bnf