GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
41 advisories
svg-sanitizer Bypasses Attribute Sanitization
Moderate
CVE-2025-55166
was published
for
enshrined/svg-sanitize
(Composer)
Aug 12, 2025
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
Moderate
CVE-2025-47939
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 Allows Privilege Escalation to System Maintainer
High
CVE-2025-47940
was published
for
typo3/cms-core
(Composer)
May 20, 2025
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
TYPO3 Information Disclosure via Exception Handling/Logger
Low
CVE-2024-55891
was published
for
typo3/cms-install
(Composer)
Jan 14, 2025
Information Disclosure in Password Reset
Low
CVE-2020-11063
was published
for
typo3/cms
(Composer)
May 13, 2020
Denial of Service in TYPO3 Bookmark Toolbar
Low
CVE-2024-34537
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Moderate
CVE-2022-23504
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Information Disclosure in TYPO3 Page Tree
Low
CVE-2024-47780
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
Cross-site Scripting vulnerability in Kitodo.Presentation
Moderate
CVE-2020-16095
was published
for
kitodo/presentation
(Composer)
Jul 31, 2020
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
Moderate
CVE-2024-34357
was published
for
typo3/cms-core
(Composer)
May 14, 2024
TYPO3 Image Processing susceptible to Code Execution
High
CVE-2019-11832
was published
for
typo3/cms
(Composer)
May 24, 2022
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Path Traversal in TYPO3 File Abstraction Layer Storages
Moderate
CVE-2023-30451
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Moderate
CVE-2024-25118
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Cross-Site Scripting via Rich-Text Content
Moderate
CVE-2021-32768
was published
for
typo3/cms
(Composer)
Aug 19, 2021
Class destructors causing side-effects when being unserialized in TYPO3 CMS
High
CVE-2020-11066
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site-Request-Forgery in Backend
High
CVE-2021-41113
was published
for
typo3/cms
(Composer)
Oct 5, 2021
Cleartext storage of session identifier
High
CVE-2020-26228
was published
for
typo3/cms
(Composer)
Nov 23, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
Insecure Deserialization in Backend User Settings in TYPO3 CMS
High
CVE-2020-11067
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site Scripting in TYPO3 CMS Link Handling
Moderate
CVE-2020-11065
was published
for
typo3/cms
(Composer)
May 13, 2020
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API