Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist typo3/cms-core Security Advisories

High

GSA_kwCzR0hTQS01dzJoLTU5ajMtOHg1d84AA5RL

TYPO3 Install Tool vulnerable to Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS13NngyLWpnOGgtcDZtcM4AA5RJ

Path Traversal in TYPO3 File Abstraction Layer Storages
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago

High

GSA_kwCzR0hTQS1yajN4LXd2YzYtNWo2Ns4AA5P4

TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS13Zjg1LThoeDktZ2o3Y84AA5P3

TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS1oNDdtLTNmNzgtcXA5Z84AA5P2

TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS0zOHIyLTU2OTUtMzM0d84AA5P0

TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS0zdm1tLTdoNGotNjlybc4AA3GT

TYPO3 vulnerable to Weak Authentication in Session Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 6 months ago

Low

GSA_kwCzR0hTQS1qcTZnLTR2NW0td205cs4AA04k

Information Disclosure due to Out-of-scope Site Resolution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 9 months ago

High

GSA_kwCzR0hTQS1yNGY4LWY5M3gtNXFoM84AAxfl

TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS04dzNwLXFoM3gtNmdqcs4AAwSa

TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 1 year ago

High

GSA_kwCzR0hTQS1jNXd4LTZjMmMtZjdybc4AAwSZ

TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1tZ2oyLXE4d3AtMjlycs4AAwSY

TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1qZnA3LTc5ZzctODlyZs4AAwSX

TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS04YzI4LTVtcDctdjI0aM4AAwSW

TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS00N202LTQ2bWotcDIzNc4AAu1r

TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1mZmZyLTd4NHgtZjk4cc4AAu1V

Moderate

GSA_kwCzR0hTQS1tMzkyLTIzNWotOXI3cs4AAu1U

TYPO3 CMS vulnerable to User Enumeration via Response Timing
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS01OTU5LTR4NTgtcjhjMs4AAu1T

TYPO3 CMS missing check for expiration time of password reset token for backend users
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS05YzZ3LTU1Y3AtNXcyNc4AAu1S

TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1mdjJtLTkyNDktcXg4Nc4AAu1R

TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1ncXFmLWc1cjctODR2Zs4AAuzy

TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS13d2p3LXIzZ2otMzlmcc4AArtR

Insufficient Session Expiration in TYPO3's Admin Tool
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1oNG14LXh2OTYtMmpnbc4AArtQ

Cross-Site Scripting in TYPO3's Frontend Login Mailer
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS0zcjk1LTIzanAtbWh2Z84AArtP

Cross-Site Scripting in TYPO3's Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1maDk5LTRwZ3ItOGo5Oc4AArtO

Insertion of Sensitive Information into Log File in typo3/cms-core
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS04Z212LTlod2ctdzg5Z84AArtN

Information Disclosure via Export Module
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: almost 2 years ago

High

GSA_kwCzR0hTQS04NmhwLXhyaGotZmhwcc4AAq1y

Typo3 Vulnerable to Insecure Deserialization
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1yNmZ2LTU2Z3AtajNyNM4AAq1k

Typo3 Cross-Site Scripting in Link Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0zdzRoLXIyN2gtNHIyd84AAqx4

TYPO3 Image Processing susceptible to Code Execution
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01OXBqLTdtamgtNDQ2Nc4AAi_a

TYPO3 SQL Injection in low-level Query Generator
Ecosystems: packagist
Packages: typo3/cms-core, typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS03N3A0LXdmcjgtOTc3d84AAi_T

TYPO3 Directory Traversal on ZIP extraction
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1yY2djLTR4ZmMtNTY0ds4AAi_c

TYPO3 Insecure Deserialization in Query Generator & Query View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1tNjRqLWoyNTItanhtcs4AAfKx

TYPO3 SQL injection vulnerability in the Extbase Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS03Z3hxLTVxcWMtdjNmY84AAfKp

TYPO3 Open redirect vulnerability in the Access tracking mechanism
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1yNjc0LW1jOXAtaHZ3Nc4AAe0A

TYPO3 Improper Access Control vulnerability
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01Zmo4LXdoM2ctcXZxMs4AAez-

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1wOWpnLTl3ODctNnJnNM4AAeik

TYPO3 Improper Access Management in the File Abstraction Layer
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14Z2MyLXE5MjgtMjd3ds4AAaYS

TYPO3 Sensitive Information Disclosure via escapeStrForLike method
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS1xajY5LWNoanAtZzRmNc4AAZvc

TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01Y21jLXIyM20taHZycs4AAZvX

TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1tN3JnLTg1ZzgtMjhtOc3Mxw

TYPO3 API function vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1mMzVwLWhjd2YtOWY5Zs24bw

TYPO3 Unrestricted File Upload vulnerability
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS01ZjJmLWhyMjMtajU5as0-Mg

TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 years ago

High

GSA_kwCzR0hTQS02NTdtLXY1dm0tZjZyd80WJw

Cross-Site-Request-Forgery in Backend
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS1tMmpoLWZ4dzQtZ3Bobc0WJg

HTTP Host Header Injection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1YzktOGM2bS03Mjd2

Cross-Site Scripting via Rich-Text Content
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0ZnItZmhxci03MjM1

Information Disclosure in User Authentication
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnY2ctMjh4bS04bW13

Cross-Site Scripting in Backend Grid View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtaDMtajVyNS0yMzc5

Cross-Site Scripting in Query Generator & Query View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtcTktZnF2OC01OXdm

Cross-Site Scripting in Page Preview
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3aGMteDdmbS1mN3Fo

Cross-Site Scripting in Content Preview (CType menu)
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwOWctcWd4OS0zOTdw

Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3OWotd2dxdi1nOGgy

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 3 years ago

High

Advisories: 18,330
Packages: 8,279
Repositories: 8
Ecosystems: 12

Filter by Severity

Moderate 7,912 High 6,344 Critical 2,805 Low 981

Filter by Ecosystem

maven 5,520 packagist 3,801 pypi 3,704 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8

Filter by Package

moodle/moodle 322 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 microweber/microweber 91 phpmyadmin/phpmyadmin 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 27 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 yetiforce/yetiforce-crm 16 topthink/framework 15 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 ezsystems/ezpublish-kernel 14 elefant/cms 13 codeigniter4/framework 13 lavalite/cms 13 impresscms/impresscms 13 bolt/bolt 13 october/system 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 admidio/admidio 10 opencart/opencart 10 wwbn/avideo 10 sylius/sylius 10 laravel/framework 10 pagekit/pagekit 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 tinymce/tinymce 9 TinyMCE 9 ssddanbrown/bookstack 9 tinymce 9 funadmin/funadmin 9 kevinpapst/kimai2 9 october/october 9 concrete5/core 9 alextselegidis/easyappointments 9 facturascripts/facturascripts 8 croogo/croogo 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 yiisoft/yii2 8 codiad/codiad 8 sulu/sulu 8 october/cms 8 october/backend 7 silverstripe/admin 7 statamic/cms 7 flarum/core 7 symfony/http-foundation 7 silverstripe/graphql 7 pterodactyl/panel 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 backdrop/backdrop 6 contao/core 6 nystudio107/craft-seomatic 6 composer/composer 6 in2code/femanager 6 yourls/yourls 6 bagisto/bagisto 6 wpglobus/wpglobus 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/http-kernel 6 guzzlehttp/guzzle 6 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 vrana/adminer 5 symfony/security-core 5 oro/platform 5 typo3/cms-install 5 bottelet/flarepoint 5 billz/raspap-webgui 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 gleez/cms 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ibexa/core 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 ezsystems/ezplatform-admin-ui 5 pear/archive_tar 5 magento/product-community-edition 4 typo3/html-sanitizer 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 evolutioncms/evolution 4 bytefury/crater 4 spatie/browsershot 4 oro/commerce 4 wp-premium/gravityforms 4 codeigniter4/shield 4 symfony/security-bundle 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3

Filter by Repository

https://github.com/TYPO3/typo3 30 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/TYPO3/html-sanitizer 1 https://github.com/TYPO3/Fluid 1 https://github.com/twbs/bootstrap 1 https://github.com/symfony/symfony 1 https://github.com/github/advisory-database 1