Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Loading
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader Credited to ohader
Class destructors causing side-effects when being unserialized in TYPO3 CMS High
CVE-2020-11066 was published for typo3/cms (Composer) May 13, 2020
ohader Credited to ohader
Insecure Deserialization in Backend User Settings in TYPO3 CMS High
CVE-2020-11067 was published for typo3/cms (Composer) May 13, 2020
ohader Credited to ohader
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
ohader Credited to ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
liayn Credited to liayn, bmack, and ohader bmack bmack
ohader ohader
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen Credited to smichaelsen, ohader, marclindemann, vertexvaar, sushiwushi, and waldhacker1 ohader ohader
marclindemann marclindemann vertexvaar vertexvaar sushiwushi sushiwushi waldhacker1 waldhacker1
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
sushiwushi Credited to sushiwushi and ohader ohader ohader
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
ohader Credited to ohader
TYPO3 Vulnerable to Insecure Deserialization High
CVE-2019-12747 was published for typo3/cms (Composer) May 24, 2022
ohader Credited to ohader
Broken Access Control in 3rd party TYPO3 extension "femanager" High
CVE-2023-25014 was published for in2code/femanager (Composer) Feb 2, 2023
ohader Credited to ohader
Broken Access Control in 3rd party TYPO3 extension "femanager" High
CVE-2023-25013 was published for in2code/femanager (Composer) Feb 2, 2023
ohader Credited to ohader
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader Credited to ohader
TYPO3 Allows Privilege Escalation to System Maintainer High
CVE-2025-47940 was published for typo3/cms-core (Composer) May 20, 2025
ohader Credited to ohader and alexanderkuenzl alexanderkuenzl alexanderkuenzl
TYPO3 CMS Stores Cleartext Password in User Settings Module High
CVE-2026-6553 was published for typo3/cms-backend (Composer) Apr 24, 2026
mclewing Credited to mclewing, garvinhicking, and ohader garvinhicking garvinhicking
ohader ohader
ProTip! Advisories are also available from the GraphQL API