GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,000 advisories
Filter by severity
TYPO3 Cross-Site Scripting vulnerability in typolinks
Moderate
GHSA-75mx-chcf-2q32
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure
Moderate
GHSA-pqfv-97hj-g97g
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Brute Force Protection Bypass in backend login
Moderate
GHSA-jqr8-q455-xx45
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Information Disclosure Vulnerability Exploitable by Editors
Moderate
GHSA-r287-hc8j-w56h
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors
Moderate
GHSA-wp8j-c736-c5r3
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 frontend login vulnerable to Session Fixation
High
GHSA-r9vc-jfmh-6j48
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
High
GHSA-4r76-xr68-w7m7
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 possible cache poisoning on the homepage when anchors are used
High
GHSA-p84g-j2gh-83g3
was published
for
typo3/cms
(Composer)
May 30, 2024
ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting
Moderate
GHSA-mxjf-hc9v-xgv2
was published
for
typo3/cms
(Composer)
May 30, 2024
OpenCMS Cross-Site Scripting vulnerability
Moderate
CVE-2024-5520
was published
for
org.opencms:opencms-core
(Maven)
May 30, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library
High
GHSA-45xg-4w5x-j429
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
High
GHSA-5h5v-m596-r6rf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Filelist Module
Moderate
GHSA-6xwf-7rfm-4gwc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
mysql2 vulnerable to Prototype Pollution
High
CVE-2024-21512
was published
for
mysql2
(npm)
May 30, 2024
TYPO3 Cross-Site Scripting in Link Handling
Moderate
GHSA-4ppr-jw47-9qm5
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework validation handling
Moderate
GHSA-95qm-3xp7-vfj5
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High
GHSA-x428-565f-8xj2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Broken Access Control in Import Module
Moderate
GHSA-g776-759r-pf6x
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in Frontend Session Handling
High
GHSA-82vp-jr39-4j2j
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Backend User Interface
Moderate
GHSA-rv8r-8mh5-5376
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in User Authentication
Moderate
GHSA-wj85-rg5g-v8jm
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions
Moderate
GHSA-p2h4-7fp3-cmh8
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Page Tree
Moderate
GHSA-wvvp-jwf5-qcpc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in User Session Handling
Moderate
GHSA-xmgr-jff3-fcfv
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework
Moderate
GHSA-4459-qrcc-vfcf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
ProTip!
Advisories are also available from the
GraphQL API