GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,799
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,019 advisories
Filter by severity
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
High
GHSA-4r76-xr68-w7m7
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 possible cache poisoning on the homepage when anchors are used
High
GHSA-p84g-j2gh-83g3
was published
for
typo3/cms
(Composer)
May 30, 2024
ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting
Moderate
GHSA-mxjf-hc9v-xgv2
was published
for
typo3/cms
(Composer)
May 30, 2024
OpenCMS Cross-Site Scripting vulnerability
Moderate
CVE-2024-5520
was published
for
org.opencms:opencms-core
(Maven)
May 30, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library
High
GHSA-45xg-4w5x-j429
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
High
GHSA-5h5v-m596-r6rf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Filelist Module
Moderate
GHSA-6xwf-7rfm-4gwc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
mysql2 vulnerable to Prototype Pollution
High
CVE-2024-21512
was published
for
mysql2
(npm)
May 30, 2024
TYPO3 Cross-Site Scripting in Link Handling
Moderate
GHSA-4ppr-jw47-9qm5
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework validation handling
Moderate
GHSA-95qm-3xp7-vfj5
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High
GHSA-x428-565f-8xj2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Broken Access Control in Import Module
Moderate
GHSA-g776-759r-pf6x
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in Frontend Session Handling
High
GHSA-82vp-jr39-4j2j
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Backend User Interface
Moderate
GHSA-rv8r-8mh5-5376
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in User Authentication
Moderate
GHSA-wj85-rg5g-v8jm
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions
Moderate
GHSA-p2h4-7fp3-cmh8
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Page Tree
Moderate
GHSA-wvvp-jwf5-qcpc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in User Session Handling
Moderate
GHSA-xmgr-jff3-fcfv
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework
Moderate
GHSA-4459-qrcc-vfcf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Language Pack Handling
Moderate
GHSA-76r3-m635-p3vc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Arbitrary Code Execution via File List Module
High
GHSA-f9hr-7cfq-mjg2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-9rx9-7fmh-gj3g
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Moderate
GHSA-22q7-cg4r-p9mx
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-rxc9-f2x6-qh4w
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Denial of Service in Frontend Record Registration
High
GHSA-hjx5-v9xg-7h25
was published
for
typo3/cms-core
(Composer)
May 30, 2024
ProTip!
Advisories are also available from the
GraphQL API