Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,799
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,019 advisories

TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts High
GHSA-4r76-xr68-w7m7 was published for typo3/cms (Composer) May 30, 2024
TYPO3 possible cache poisoning on the homepage when anchors are used High
GHSA-p84g-j2gh-83g3 was published for typo3/cms (Composer) May 30, 2024
ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting Moderate
GHSA-mxjf-hc9v-xgv2 was published for typo3/cms (Composer) May 30, 2024
OpenCMS Cross-Site Scripting vulnerability Moderate
CVE-2024-5520 was published for org.opencms:opencms-core (Maven) May 30, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library High
GHSA-45xg-4w5x-j429 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling High
GHSA-5h5v-m596-r6rf was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Cross-Site Scripting in Filelist Module Moderate
GHSA-6xwf-7rfm-4gwc was published for typo3/cms-core (Composer) May 30, 2024
mysql2 vulnerable to Prototype Pollution High
CVE-2024-21512 was published for mysql2 (npm) May 30, 2024
TYPO3 Cross-Site Scripting in Link Handling Moderate
GHSA-4ppr-jw47-9qm5 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework validation handling Moderate
GHSA-95qm-3xp7-vfj5 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API High
GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Broken Access Control in Import Module Moderate
GHSA-g776-759r-pf6x was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration in Frontend Session Handling High
GHSA-82vp-jr39-4j2j was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Information Disclosure in Backend User Interface Moderate
GHSA-rv8r-8mh5-5376 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Information Disclosure in User Authentication Moderate
GHSA-wj85-rg5g-v8jm was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions Moderate
GHSA-p2h4-7fp3-cmh8 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Information Disclosure in Page Tree Moderate
GHSA-wvvp-jwf5-qcpc was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration in User Session Handling Moderate
GHSA-xmgr-jff3-fcfv was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework Moderate
GHSA-4459-qrcc-vfcf was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Cross-Site Scripting in Language Pack Handling Moderate
GHSA-76r3-m635-p3vc was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-f9hr-7cfq-mjg2 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Broken Access Control in Localization Handling Moderate
GHSA-9rx9-7fmh-gj3g was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Cross-Site Scripting in Fluid ViewHelpers Moderate
GHSA-22q7-cg4r-p9mx was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration for Backend User Accounts High
GHSA-rxc9-f2x6-qh4w was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Denial of Service in Frontend Record Registration High
GHSA-hjx5-v9xg-7h25 was published for typo3/cms-core (Composer) May 30, 2024
ProTip! Advisories are also available from the GraphQL API