Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

45 advisories

Loading
TYPO3 HTML Sanitizer allows Cross-site Scripting Low
CVE-2026-47344 was published for typo3/html-sanitizer (Composer) Jun 12, 2026
ohader Credited to ohader
TYPO3 CMS Stores Cleartext Password in User Settings Module High
CVE-2026-6553 was published for typo3/cms-backend (Composer) Apr 24, 2026
mclewing Credited to mclewing, garvinhicking, and ohader garvinhicking garvinhicking
ohader ohader
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
ohader Credited to ohader
TYPO3 Vulnerable to Insecure Deserialization High
CVE-2019-12747 was published for typo3/cms (Composer) May 24, 2022
ohader Credited to ohader
TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool Moderate
CVE-2026-0859 was published for typo3/cms-core (Composer) Jan 13, 2026
eliashaeussler Credited to eliashaeussler and ohader ohader ohader
svg-sanitizer Bypasses Attribute Sanitization Moderate
CVE-2025-55166 was published for enshrined/svg-sanitize (Composer) Aug 12, 2025
ohader Credited to ohader and realazizk realazizk realazizk
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer Moderate
CVE-2025-47939 was published for typo3/cms-core (Composer) May 20, 2025
0xHamy Credited to 0xHamy and ohader ohader ohader
TYPO3 Allows Privilege Escalation to System Maintainer High
CVE-2025-47940 was published for typo3/cms-core (Composer) May 20, 2025
ohader Credited to ohader and alexanderkuenzl alexanderkuenzl alexanderkuenzl
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader Credited to ohader and tdunlap607 tdunlap607 tdunlap607
TYPO3 Information Disclosure via Exception Handling/Logger Low
CVE-2024-55891 was published for typo3/cms-install (Composer) Jan 14, 2025
ohader Credited to ohader
Information Disclosure in Password Reset Low
CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020
NeoBlack Credited to NeoBlack and ohader ohader ohader
Denial of Service in TYPO3 Bookmark Toolbar Low
CVE-2024-34537 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader Credited to ohader, bnf, and Eichner bnf bnf
Eichner Eichner
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
ohader Credited to ohader and darth-hader darth-hader darth-hader
Information Disclosure in TYPO3 Page Tree Low
CVE-2024-47780 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader Credited to ohader and jpmschuler jpmschuler jpmschuler
Cross-site Scripting vulnerability in Kitodo.Presentation Moderate
CVE-2020-16095 was published for kitodo/presentation (Composer) Jul 31, 2020
ohader Credited to ohader
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController Moderate
CVE-2024-34357 was published for typo3/cms-core (Composer) May 14, 2024
derhansen Credited to derhansen and ohader ohader ohader
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader Credited to ohader
Path Traversal in TYPO3 File Abstraction Layer Storages Moderate
CVE-2023-30451 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader Credited to ohader and bnf bnf bnf
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords Moderate
CVE-2024-25118 was published for typo3/cms-core (Composer) Feb 13, 2024
lolli42 Credited to lolli42 and ohader ohader ohader
Cross-Site Scripting via Rich-Text Content Moderate
CVE-2021-32768 was published for typo3/cms (Composer) Aug 19, 2021
sushiwushi Credited to sushiwushi, ohader, and einpraegsam ohader ohader
einpraegsam einpraegsam
Class destructors causing side-effects when being unserialized in TYPO3 CMS High
CVE-2020-11066 was published for typo3/cms (Composer) May 13, 2020
ohader Credited to ohader
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
sushiwushi Credited to sushiwushi and ohader ohader ohader
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
liayn Credited to liayn, bmack, and ohader bmack bmack
ohader ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
ProTip! Advisories are also available from the GraphQL API