GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader
Broken Access Control in 3rd party TYPO3 extension "femanager" High
CVE-2023-25013 was published for in2code/femanager (Composer) Feb 2, 2023
ohader
Broken Access Control in 3rd party TYPO3 extension "femanager" High
CVE-2023-25014 was published for in2code/femanager (Composer) Feb 2, 2023
ohader
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
ohader
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
sushiwushi ohader
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
liayn bmack
ohader
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
ohader
Insecure Deserialization in Backend User Settings in TYPO3 CMS High
CVE-2020-11067 was published for typo3/cms (Composer) May 13, 2020
ohader
Class destructors causing side-effects when being unserialized in TYPO3 CMS High
CVE-2020-11066 was published for typo3/cms (Composer) May 13, 2020
ohader
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader