GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
41 advisories
svg-sanitizer Bypasses Attribute Sanitization
Moderate
CVE-2025-55166
was published
for
enshrined/svg-sanitize
(Composer)
Aug 12, 2025
TYPO3 Allows Privilege Escalation to System Maintainer
High
CVE-2025-47940
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
Moderate
CVE-2025-47939
was published
for
typo3/cms-core
(Composer)
May 20, 2025
TYPO3 Information Disclosure via Exception Handling/Logger
Low
CVE-2024-55891
was published
for
typo3/cms-install
(Composer)
Jan 14, 2025
Denial of Service in TYPO3 Bookmark Toolbar
Low
CVE-2024-34537
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
Information Disclosure in TYPO3 Page Tree
Low
CVE-2024-47780
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
Moderate
CVE-2024-34357
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Path Traversal in TYPO3 File Abstraction Layer Storages
Moderate
CVE-2023-30451
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Moderate
CVE-2024-25118
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
Moderate
CVE-2023-47125
was published
for
typo3/html-sanitizer
(Composer)
Nov 14, 2023
TYPO3 vulnerable to Weak Authentication in Session Handling
Moderate
CVE-2023-47127
was published
for
typo3/cms-core
(Composer)
Nov 14, 2023
Cross-Site Scripting in CKEditor4 WordCount Plugin
Moderate
GHSA-m8fw-p3cr-6jqc
was published
for
typo3/cms-rte-ckeditor
(Composer)
Jul 25, 2023
By-passing Cross-Site Scripting Protection in HTML Sanitizer
Moderate
CVE-2023-38500
was published
for
typo3/html-sanitizer
(Composer)
Jul 25, 2023
Information Disclosure due to Out-of-scope Site Resolution
Low
CVE-2023-38499
was published
for
typo3/cms-core
(Composer)
Jul 25, 2023
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor
Moderate
CVE-2023-37905
was published
for
ckeditor-wordcount-plugin
(npm)
Jul 10, 2023
svg-sanitizer has Cross-site Scripting Bypass
Moderate
CVE-2023-28426
was published
for
enshrined/svg-sanitize
(Composer)
Mar 20, 2023
•
withdrawn
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25014
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25013
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Moderate
CVE-2022-23504
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Insufficient Session Expiration in TYPO3's Admin Tool
Moderate
CVE-2022-31050
was published
for
typo3/cms
(Composer)
Jun 17, 2022
TYPO3 Image Processing susceptible to Code Execution
High
CVE-2019-11832
was published
for
typo3/cms
(Composer)
May 24, 2022
Cross-site Scripting in enshrined/svg-sanitize
Moderate
CVE-2022-23638
was published
for
enshrined/svg-sanitize
(Composer)
Feb 14, 2022
Cross-Site-Request-Forgery in Backend
High
CVE-2021-41113
was published
for
typo3/cms
(Composer)
Oct 5, 2021
ProTip!
Advisories are also available from the
GraphQL API