GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
HTTP Host Header Injection
Moderate
CVE-2021-41114
was published
for
typo3/cms
(Composer)
Oct 5, 2021
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
High
CVE-2023-24814
was published
for
typo3/cms
(Composer)
Feb 8, 2023
Information Disclosure due to Out-of-scope Site Resolution
Low
CVE-2023-38499
was published
for
typo3/cms-core
(Composer)
Jul 25, 2023
By-passing Cross-Site Scripting Protection in HTML Sanitizer
Moderate
CVE-2023-38500
was published
for
typo3/html-sanitizer
(Composer)
Jul 25, 2023
Cross-Site Scripting in CKEditor4 WordCount Plugin
Moderate
GHSA-m8fw-p3cr-6jqc
was published
for
typo3/cms-rte-ckeditor
(Composer)
Jul 25, 2023
TYPO3 vulnerable to Weak Authentication in Session Handling
Moderate
CVE-2023-47127
was published
for
typo3/cms-core
(Composer)
Nov 14, 2023
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Moderate
CVE-2024-25119
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Moderate
CVE-2024-25120
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Path Traversal in TYPO3 File Abstraction Layer Storages
Moderate
CVE-2023-30451
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 Install Tool vulnerable to Code Execution
High
CVE-2024-22188
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 vulnerable to an HTML Injection in the History Module
Low
CVE-2024-34355
was published
for
typo3/cms-core
(Composer)
May 14, 2024
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
Moderate
CVE-2024-34356
was published
for
typo3/cms-core
(Composer)
May 14, 2024
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate
CVE-2024-34358
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Denial of Service in TYPO3 Bookmark Toolbar
Low
CVE-2024-34537
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
ProTip!
Advisories are also available from the
GraphQL API