Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
HTTP Host Header Injection Moderate
CVE-2021-41114 was published for typo3/cms (Composer) Oct 5, 2021
bnf
Credited to bnf
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering High
CVE-2023-24814 was published for typo3/cms (Composer) Feb 8, 2023
bnf
Credited to bnf
Information Disclosure due to Out-of-scope Site Resolution Low
CVE-2023-38499 was published for typo3/cms-core (Composer) Jul 25, 2023
fe-hicking ohader
bnf
Credited to fe-hicking, ohader, and bnf
By-passing Cross-Site Scripting Protection in HTML Sanitizer Moderate
CVE-2023-38500 was published for typo3/html-sanitizer (Composer) Jul 25, 2023
leeN Yaniv-git
ohader bnf
Credited to leeN, Yaniv-git, ohader, and bnf
Cross-Site Scripting in CKEditor4 WordCount Plugin Moderate
GHSA-m8fw-p3cr-6jqc was published for typo3/cms-rte-ckeditor (Composer) Jul 25, 2023
sypets ohader
bnf
Credited to sypets, ohader, and bnf
TYPO3 vulnerable to Weak Authentication in Session Handling Moderate
CVE-2023-47127 was published for typo3/cms-core (Composer) Nov 14, 2023
dogawaf bnf
ohader
Credited to dogawaf, bnf, and ohader
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key Moderate
CVE-2024-25119 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
Credited to bnf
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
sushiwushi bnf
Credited to sushiwushi and bnf
Path Traversal in TYPO3 File Abstraction Layer Storages Moderate
CVE-2023-30451 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader bnf
Credited to ohader and bnf
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
Credited to bnf
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
Credited to andreaskienast and bnf
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module Moderate
CVE-2024-34356 was published for typo3/cms-core (Composer) May 14, 2024
bnf
Credited to bnf
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
Credited to derhansen, bnf, and bmack
Denial of Service in TYPO3 Bookmark Toolbar Low
CVE-2024-34537 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader bnf
Eichner
Credited to ohader, bnf, and Eichner
TYPO3 CMS Webhooks Server Side Request Forgery Low
CVE-2025-47936 was published for typo3/cms-webhooks (Composer) May 20, 2025
bnf
Credited to bnf
TYPO3 Unverified Password Change for Backend Users Low
CVE-2025-47938 was published for typo3/cms-core (Composer) May 20, 2025
bnf
Credited to bnf
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database