Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms-core@9.3.3
purl pkg:composer/typo3/cms-core@9.3.3
Next non-vulnerable version 12.4.41
Latest non-vulnerable version 14.0.2
Risk 4.0
Vulnerabilities affecting this package (102)
Vulnerability Summary Fixed by
VCID-21e8-x7mp-hugk
Aliases:
GHSA-f9hr-7cfq-mjg2
TYPO3 Arbitrary Code Execution via File List Module Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload *.phar, *.shtml, *.pl or *.cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of Debian GNU Linux are handling *.phar files as PHP applications since PHP 7.1 (for unofficial packages) and PHP 7.2 (for official packages). The file extension *.shtml is bound to server side includes which are not enabled per default in most common Linux based distributions. File extension *.pl and *.cgi require additional handlers to be configured which is also not the case in most common distributions (except for /cgi-bin/ location).
9.5.4
Affected by 75 other vulnerabilities.
VCID-2meq-x4kd-bbdn
Aliases:
2019-06-25-5
Insecure Deserialization in TYPO3 CMS.
9.5.8
Affected by 53 other vulnerabilities.
VCID-2mn6-mdmz-4yd9
Aliases:
CVE-2020-11069
GHSA-pqg8-crx9-g8m4
Backend Same-Site Request Forgery in TYPO3 CMS > ### Meta > * CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C > * CWE-352 > * CWE-346 ### Problem It has been discovered that backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privileges of the victims' user session. In a worst case scenario new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it’s actually a same-origin request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a 3rd party extension - e.g. file upload in a contact form with knowing the target location. The attacked victim requires an active and valid backend or install tool user sessions at the time of the attack to be successful. ### Solution Update to TYPO3 versions 9.5.17 or 10.4.2 that mitigates the problem described. ### Additional Considerations The deployment of additional mitigation techniques is suggested as described below. #### Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed by again by the acting user with providing their password again - this technique is known as "sudo mode". This way unintended actions happening in the background can be mitigated. * https://github.com/FriendsOfTYPO3/sudo-mode * https://extensions.typo3.org/extension/sudo_mode #### Content Security Policy [Content Security Policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) tell (modern) browsers how resources served a particular site are handled - it also it possible to disallow script executions for specific locations. In a TYPO3 context it is suggested to disallow direct script execution at least for locations `/fileadmin/` and `/uploads/`. ``` # in fileadmin/.htaccess <IfModule mod_headers.c> Header add Content-Security-Policy "default-src 'self'; script-src 'none';" </IfModule> ``` ### Credits Thanks to Matteo Bonaker who reported this issue and to TYPO3 security team member Oliver Hader who fixed the issue. ### References * https://typo3.org/security/advisory/typo3-core-sa-2020-006
9.5.17
Affected by 42 other vulnerabilities.
10.4.2
Affected by 51 other vulnerabilities.
VCID-3gg5-1921-rbfs
Aliases:
CVE-2018-14041
GHSA-pj7m-g53m-7638
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target property of scrollspy.
9.5.4
Affected by 75 other vulnerabilities.
VCID-3n2r-awja-dug9
Aliases:
CVE-2019-19850
GHSA-59pj-7mjh-4465
TYPO3 SQL Injection in low-level Query Generator An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
9.5.12
Affected by 47 other vulnerabilities.
10.2.2
Affected by 56 other vulnerabilities.
VCID-3v4n-fzxa-bfaw
Aliases:
2019-06-25-4
Code Injection Arbitrary Code Execution and Cross-Site Scripting in Backend API.
9.5.8
Affected by 53 other vulnerabilities.
VCID-461j-9hrc-gfbc
Aliases:
GHSA-wj85-rg5g-v8jm
TYPO3 Information Disclosure in User Authentication It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user credentials.
9.5.6
Affected by 68 other vulnerabilities.
VCID-4btk-jt5n-2ugf
Aliases:
2018-12-11-8
Cross-site Scripting Cross-Site Scripting in CKEditor.
9.5.2
Affected by 88 other vulnerabilities.
VCID-4jpa-6fqh-hbfg
Aliases:
CVE-2022-31048
GHSA-3r95-23jp-mhvg
Cross-Site Scripting in TYPO3's Form Framework > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. ### Credits Thanks to Gabe Troyan who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2022-003](https://typo3.org/security/advisory/typo3-core-sa-2022-003)
9.5.35
Affected by 0 other vulnerabilities.
10.4.29
Affected by 28 other vulnerabilities.
11.5.11
Affected by 29 other vulnerabilities.
VCID-4mkw-tv16-jyca
Aliases:
CVE-2019-10912
GHSA-w2fr-65vp-mxw3
Deserialization of Untrusted Data In Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.
9.5.8
Affected by 53 other vulnerabilities.
VCID-4t9s-p25a-cfas
Aliases:
CVE-2025-47939
GHSA-9hq9-cr36-4wpj
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer ### Problem By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., `.exe` files), or files with inconsistent file extensions and MIME types (for example, a file incorrectly named with a `.png` extension but actually carrying the MIME type `application/zip`). Although such files are not directly executable through the web server, their presence can introduce indirect risks. For example, third-party services such as antivirus scanners or malware detection systems might flag or block access to the website for end users if suspicious files are found. This could negatively affect the availability or reputation of the site. ### Solution Update to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described. > [!NOTE] > The mitigation strategies outlined below apply broadly to all file uploads handled through TYPO3's File Abstraction Layer (FAL), not just those performed via the backend interface. This means that any extension or custom integration leveraging FAL will also be subject to the new validation rules and configuration options. Developers are advised to review the implications for their code and refer to the [documentation of that change](https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/12.4.x/Important-106240-EnforceFile-extensionsAndMime-typeConsistencyInFileAbstractionLayer.html) for guidance. > [!IMPORTANT] > > **Strong security defaults - Manual actions required** > > These versions introduce new configuration options to better control which files are permitted for upload and to improve consistency checks. > > A new configuration option, `$GLOBALS['TYPO3_CONF_VARS']['SYS']['miscfile_ext']`, has been added. This option allows administrators to explicitly define which file extensions should be permitted that are not already part of the built-in text or media file groups - examples include archive formats such as `zip` or `xz`. > > In addition, two new feature flags have been introduced to enhance security: > * `security.system.enforceAllowedFileExtensions`, enforces the defined list of allowed file extensions. This flag is enabled by default in new TYPO3 installations, but remains disabled in existing installations to prevent breaking changes. > * `security.system.enforceFileExtensionMimeTypeConsistency`, ensures that the uploaded file’s extension matches its actual MIME type, providing further validation of file integrity. This flag is active by default. > > It is recommended to configure the allowed file extensions via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['miscfile_ext']` and to enable the feature flag `security.system.enforceAllowedFileExtensions` to enforce the restriction. ### Credits Thanks to Hamed Kohi for reporting this issue, and to TYPO3 core & security team member Oliver Hader for fixing it.
9.5.51
Affected by 0 other vulnerabilities.
10.4.50
Affected by 0 other vulnerabilities.
11.5.44
Affected by 0 other vulnerabilities.
12.4.31
Affected by 2 other vulnerabilities.
13.4.12
Affected by 2 other vulnerabilities.
VCID-543x-cnbz-1kb9
Aliases:
CVE-2020-11064
GHSA-43gj-mj2w-wh46
Cross-Site Scripting in TYPO3 CMS Form Engine In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML `placeholder` attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described. ### References * https://typo3.org/security/advisory/typo3-core-sa-2020-002
9.5.17
Affected by 42 other vulnerabilities.
10.4.2
Affected by 51 other vulnerabilities.
VCID-551q-gpyd-ffe8
Aliases:
2019-01-22-4
Cross-site Scripting Cross-Site Scripting in Fluid `ViewHelpers`.
9.5.4
Affected by 75 other vulnerabilities.
VCID-58js-jzm4-4fc7
Aliases:
CVE-2020-11066
GHSA-2rxh-h6h9-qrqc
Class destructors causing side-effects when being unserialized in TYPO3 CMS Calling unserialize() on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system (if writable for web server) - trigger message submission via email using identity of web site (mail relay) Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described. ### References * https://typo3.org/security/advisory/typo3-core-sa-2020-004
9.5.17
Affected by 42 other vulnerabilities.
10.4.2
Affected by 51 other vulnerabilities.
VCID-5jgb-dsyx-hyb4
Aliases:
CVE-2021-21338
GHSA-4jhw-2p6j-5wmp
Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001)
9.5.25
Affected by 32 other vulnerabilities.
10.4.14
Affected by 38 other vulnerabilities.
11.1.1
Affected by 39 other vulnerabilities.
VCID-5kzs-ex81-bbaj
Aliases:
CVE-2020-11067
GHSA-2wj9-434x-9hvp
Insecure Deserialization in Backend User Settings in TYPO3 CMS It has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described. ### References * https://typo3.org/security/advisory/typo3-core-sa-2020-005
9.5.17
Affected by 42 other vulnerabilities.
10.4.2
Affected by 51 other vulnerabilities.
VCID-5paq-5frf-43ed
Aliases:
CVE-2022-36107
GHSA-9c6w-55cp-5w25
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0) ### Problem It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009) * [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days)
9.5.37
Affected by 0 other vulnerabilities.
10.4.32
Affected by 22 other vulnerabilities.
11.5.16
Affected by 22 other vulnerabilities.
VCID-5u4q-m66t-wqcj
Aliases:
GHSA-95qm-3xp7-vfj5
TYPO3 Cross-Site Scripting in Form Framework validation handling It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting.
9.5.12
Affected by 47 other vulnerabilities.
10.2.1
Affected by 58 other vulnerabilities.
VCID-5z59-dn7p-xbc5
Aliases:
GHSA-g4c9-qfvw-fmr4
TYPO3 Cross-Site Scripting in Backend Modal Component Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
9.5.2
Affected by 88 other vulnerabilities.
VCID-65ue-7jd9-23gf
Aliases:
CVE-2025-47938
GHSA-3jrg-97f3-rqh9
TYPO3 Unverified Password Change for Backend Users ### Problem The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication. ### Solution Update to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described. > [!NOTE] > In these versions, administrators are required to verify their identity through step-up authentication (also known as sudo mode) when changing backend user passwords. ### Credits Thanks to the National Cyber Security Center (NCSC) of Switzerland for reporting this issue, and to TYPO3 core & security team member Benjamin Franzke for fixing it.
9.5.51
Affected by 0 other vulnerabilities.
10.4.50
Affected by 0 other vulnerabilities.
11.5.44
Affected by 0 other vulnerabilities.
12.4.31
Affected by 2 other vulnerabilities.
13.4.12
Affected by 2 other vulnerabilities.
VCID-6a9t-8dmn-s3bv
Aliases:
CVE-2021-32667
GHSA-8mq9-fqv8-59wf
Cross-site Scripting TYPO3 contains a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (`_Web>View_`) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 contain a patch for this issue.
9.5.28
Affected by 30 other vulnerabilities.
10.4.18
Affected by 34 other vulnerabilities.
11.3.1
Affected by 36 other vulnerabilities.
VCID-6xmj-wbea-r7ex
Aliases:
GHSA-29m4-mx89-3mjg
TYPO3 Denial of Service in Online Media Asset Handling Online Media Asset Handling (*.youtube and *.vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
9.5.2
Affected by 88 other vulnerabilities.
VCID-8d2m-1ffv-jqe1
Aliases:
CVE-2024-34356
GHSA-v6mw-h7w6-59w3
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module ### Problem The form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. ### Solution Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described. ### Credits Thanks to TYPO3 core & security team member Benjamin Franzke who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2024-008](https://typo3.org/security/advisory/typo3-core-sa-2024-008)
9.5.48
Affected by 1 other vulnerability.
10.4.45
Affected by 0 other vulnerabilities.
11.5.37
Affected by 6 other vulnerabilities.
12.4.15
Affected by 7 other vulnerabilities.
13.1.1
Affected by 7 other vulnerabilities.
VCID-9g62-zd1x-3bdg
Aliases:
CVE-2019-12747
GHSA-86hp-xrhj-fhpq
TYPO3 Vulnerable to Insecure Deserialization TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
9.5.8
Affected by 53 other vulnerabilities.
VCID-9gpp-ez8w-rqav
Aliases:
2019-05-07-1
Cross-site Scripting Cross-Site Scripting in Fluid Engine.
9.5.6
Affected by 68 other vulnerabilities.
VCID-9x6r-56xm-n7h7
Aliases:
GHSA-rv8r-8mh5-5376
TYPO3 Information Disclosure in Backend User Interface The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this vulnerability.
9.5.8
Affected by 53 other vulnerabilities.
VCID-9zqs-hjay-fkev
Aliases:
GHSA-22q7-cg4r-p9mx
TYPO3 Cross-Site Scripting in Fluid ViewHelpers Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting.
9.5.4
Affected by 75 other vulnerabilities.
VCID-a49c-fqrj-nbb3
Aliases:
CVE-2020-26228
GHSA-954j-f27r-cj52
Cleartext storage of session identifier User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. ### Credits Thanks to TYPO3 security team member Helmut Hummel who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader as well as TYPO3 contributor Markus Klein who fixed the issue.
9.5.23
Affected by 38 other vulnerabilities.
10.4.10
Affected by 46 other vulnerabilities.
VCID-a563-vtwa-hkbr
Aliases:
GHSA-66c2-7g4p-wx4p
TYPO3 Information Disclosure in Install Tool The Install Tool exposes the current TYPO3 version number to non-authenticated users.
9.5.2
Affected by 88 other vulnerabilities.
VCID-axaf-45kr-kbfe
Aliases:
2019-01-22-2
Security Misconfiguration for Backend User Accounts.
9.5.4
Affected by 75 other vulnerabilities.
VCID-axvk-13qf-tka7
Aliases:
CVE-2024-22188
GHSA-5w2h-59j3-8x5w
TYPO3 Install Tool vulnerable to Code Execution ### Problem Several settings in the Install Tool for configuring the path to system binaries were vulnerable to code execution. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. The corresponding change for this advisory involves enforcing the known disadvantages described in [TYPO3-PSA-2020-002: Protecting Install Tool with Sudo Mode](https://typo3.org/security/advisory/typo3-psa-2020-002). ### Solution Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. ### Credits Thanks to Rickmer Frier & Daniel Jonka who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-002](https://typo3.org/security/advisory/typo3-core-sa-2024-002)
9.5.46
Affected by 0 other vulnerabilities.
10.4.43
Affected by 0 other vulnerabilities.
11.5.35
Affected by 9 other vulnerabilities.
12.4.11
Affected by 10 other vulnerabilities.
13.0.1
Affected by 11 other vulnerabilities.
VCID-b6er-h7dm-3bev
Aliases:
GHSA-gqqf-g5r7-84vf
GMS-2022-4096
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7) ### Problem Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://github.com/TYPO3/html-sanitizer). ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-011](https://typo3.org/security/advisory/typo3-core-sa-2022-011) * [GHSA-47m6-46mj-p235](https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235)
9.5.37
Affected by 0 other vulnerabilities.
10.4.32
Affected by 22 other vulnerabilities.
11.5.16
Affected by 22 other vulnerabilities.
VCID-bajy-qbwq-fufn
Aliases:
CVE-2022-31047
GHSA-fh99-4pgr-8j99
Insertion of Sensitive Information into Log File in typo3/cms-core > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace. ### Solution Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. ### Credits Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
9.5.35
Affected by 0 other vulnerabilities.
10.4.29
Affected by 28 other vulnerabilities.
11.5.11
Affected by 29 other vulnerabilities.
VCID-bnne-7p2q-eqd2
Aliases:
2018-12-11-6
Uncontrolled Resource Consumption Denial of Service in Online Media Asset Handling.
9.5.2
Affected by 88 other vulnerabilities.
VCID-cm14-t8uv-k3es
Aliases:
2019-06-25-3
Security Misconfiguration in Frontend Session Handling.
9.5.8
Affected by 53 other vulnerabilities.
VCID-d8d1-sat6-muhe
Aliases:
CVE-2021-21359
GHSA-4p9g-qgx9-397p
Denial of Service in Page Error Handling > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C` (5.5) > * CWE-405, CWE-674 > * Status: **DRAFT** ### Problem Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. ### Solution Update to TYPO3 versions 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Paul Keller, Mathias Bolt Lesniak and Kay Strobach who reported this issue and to TYPO3 framework merger Frank Nägler and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-005](https://typo3.org/security/advisory/typo3-core-sa-2021-005)
9.5.25
Affected by 32 other vulnerabilities.
10.4.14
Affected by 38 other vulnerabilities.
11.1.1
Affected by 39 other vulnerabilities.
VCID-d99v-v9cj-zfh2
Aliases:
GHSA-rxc9-f2x6-qh4w
TYPO3 Security Misconfiguration for Backend User Accounts When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order to reflect changed configuration possibilities. However, this leads to persisting the current state as well, which can result into some of the following: - account contains empty login credentials (username and/or password) - account is incomplete and contains weak credentials (username and/or password) Albeit the functionality provided by the TYPO3 core cannot be used either with empty usernames or empty passwords, it still can be a severe vulnerability to custom authentication service implementations. This weakness cannot be directly exploited and requires interaction on purpose by some backend user having according privileges.
9.5.4
Affected by 75 other vulnerabilities.
VCID-dj88-f3p8-cfbn
Aliases:
2019-01-22-7
Code Injection Arbitrary Code Execution via File List Module.
9.5.4
Affected by 75 other vulnerabilities.
VCID-dm97-51uu-r7gw
Aliases:
2018-12-11-1
Cross-site Scripting Cross-Site Scripting in Online Media Asset Rendering.
9.5.2
Affected by 88 other vulnerabilities.
VCID-dmzb-gkdn-6bcm
Aliases:
GHSA-g776-759r-pf6x
TYPO3 Broken Access Control in Import Module It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enabled. Database content to be imported however was correctly checked against users’ permissions and not affected. However it was possible to upload files by-passing restrictions of the file abstraction layer (FAL) - however this did not affect executable files which have been correctly secured by fileDenyPattern. Currently the only known vulnerability is to directly inject *.form.yaml files which could be used to trigger the vulnerability of TYPO3-CORE-SA-2018-003 (privilege escalation & SQL injection) - which requires the Form Framework (ext:form) being available on an according website. CVSSv3 scoring is based on this scenario. A valid backend user account is needed in order to exploit this vulnerability.
9.5.8
Affected by 53 other vulnerabilities.
VCID-dsu7-jjjq-f3e1
Aliases:
CVE-2021-21339
GHSA-qx3w-4864-94ch
Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006)
9.5.25
Affected by 32 other vulnerabilities.
10.4.14
Affected by 38 other vulnerabilities.
11.1.1
Affected by 39 other vulnerabilities.
VCID-e268-wagv-sbex
Aliases:
GHSA-wg8h-gxf4-g4gh
TYPO3 Cross-Site Scripting in Online Media Asset Rendering Failing to properly encode user input, online media asset rendering (*.youtube and *.vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
9.5.2
Affected by 88 other vulnerabilities.
VCID-e32h-8q61-hbgc
Aliases:
CVE-2022-31049
GHSA-h4mx-xv96-2jgm
Cross-Site Scripting in TYPO3's Frontend Login Mailer > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.9) ### Problem User submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. ### Solution Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. ### Credits Thanks to Christian Seifert who reported this issue and to TYPO3 framework merger Andreas Fernandez who fixed the issue. ### References * [TYPO3-CORE-SA-2022-004](https://typo3.org/security/advisory/typo3-core-sa-2022-004)
9.5.35
Affected by 0 other vulnerabilities.
10.4.29
Affected by 28 other vulnerabilities.
11.5.11
Affected by 29 other vulnerabilities.
VCID-eajg-ctpd-2bby
Aliases:
2019-05-07-2
Security Misconfiguration in User Session Handling.
9.5.6
Affected by 68 other vulnerabilities.
VCID-ekfd-wp8z-d7e1
Aliases:
CVE-2021-32669
GHSA-rgcg-28xm-8mmw
Cross-site Scripting TYPO3 is an open source PHP based web content management system. have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 contain a patch for this vulnerability.
9.5.28
Affected by 30 other vulnerabilities.
10.4.18
Affected by 34 other vulnerabilities.
11.3.1
Affected by 36 other vulnerabilities.
VCID-f4bv-pzdy-dfcb
Aliases:
GHSA-p2h4-7fp3-cmh8
TYPO3 Disclosure of Information about Installed Extensions It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.
9.5.4
Affected by 75 other vulnerabilities.
VCID-f963-qur3-2qb7
Aliases:
CVE-2020-26227
GHSA-vqqx-jw6p-q3rf
Cross-Site Scripting in Fluid view helpers > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7) > * CWE-79 ### Problem It has been discovered that system extension Fluid (`typo3/cms-fluid`) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. ``` <f:form ... fieldNamePrefix="{payload}" /> <f:be.labels.csh ... label="{payload}" /> <f:be.menus.actionMenu ... label="{payload}" /> ``` ### Solution Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 security team members Helmut Hummel & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2020-010](https://typo3.org/security/advisory/typo3-core-sa-2020-010)
9.5.23
Affected by 38 other vulnerabilities.
10.4.10
Affected by 46 other vulnerabilities.
VCID-g4uc-qeb6-myed
Aliases:
CVE-2024-25119
GHSA-h47m-3f78-qp9g
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key ### Problem The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. ### Solution Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. ### Credits Thanks to TYPO3 core & security team member Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-004](https://typo3.org/security/advisory/typo3-core-sa-2024-004)
9.5.46
Affected by 0 other vulnerabilities.
10.4.43
Affected by 0 other vulnerabilities.
11.5.35
Affected by 9 other vulnerabilities.
12.4.11
Affected by 10 other vulnerabilities.
13.0.1
Affected by 11 other vulnerabilities.
VCID-gcnj-6qb6-pbgz
Aliases:
CVE-2019-19848
GHSA-77p4-wfr8-977w
TYPO3 Directory Traversal on ZIP extraction An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
9.5.12
Affected by 47 other vulnerabilities.
10.2.2
Affected by 56 other vulnerabilities.
VCID-gv1b-xtv4-4yg3
Aliases:
CVE-2024-25118
GHSA-38r2-5695-334w
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords ### Problem Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. ### Solution Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. ### Credits Thanks to the TYPO3 framework merger Christian Kuhn and external security researchers Maximilian Beckmann, Klaus-Günther Schmidt who reported this issue, and TYPO3 security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2024-003](https://typo3.org/security/advisory/typo3-core-sa-2024-003)
9.5.46
Affected by 0 other vulnerabilities.
10.4.43
Affected by 0 other vulnerabilities.
11.5.35
Affected by 9 other vulnerabilities.
12.4.11
Affected by 10 other vulnerabilities.
13.0.1
Affected by 11 other vulnerabilities.
VCID-h6y3-7gsq-skh2
Aliases:
CVE-2023-47127
GHSA-3vmm-7h4j-69rm
TYPO3 vulnerable to Weak Authentication in Session Handling TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
9.5.44
Affected by 0 other vulnerabilities.
10.4.41
Affected by 0 other vulnerabilities.
11.5.33
Affected by 14 other vulnerabilities.
12.4.8
Affected by 15 other vulnerabilities.
VCID-he5m-6wj4-rbhc
Aliases:
CVE-2021-21357
GHSA-3vg7-jw9m-pc3f
Broken Access Control in Form Framework ### Problem Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Richie Lee who reported this issue and to TYPO3 contributor Ralf Zimmermann who fixed the issue. ### References * [TYPO3-CORE-SA-2021-003](https://typo3.org/security/advisory/typo3-core-sa-2021-003)
9.5.25
Affected by 32 other vulnerabilities.
10.4.14
Affected by 38 other vulnerabilities.
11.1.1
Affected by 39 other vulnerabilities.
VCID-hhmn-yz5p-xkap
Aliases:
GHSA-4ppr-jw47-9qm5
TYPO3 Cross-Site Scripting in Link Handling It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink.
9.5.12
Affected by 47 other vulnerabilities.
10.2.1
Affected by 58 other vulnerabilities.
VCID-k8af-cg9k-87a9
Aliases:
2019-01-22-5
Cross-site Scripting Cross-Site Scripting in Bootstrap CSS toolkit.
9.5.4
Affected by 75 other vulnerabilities.
VCID-kj9x-psfz-2ug1
Aliases:
2019-05-07-4
Information Disclosure in Page Tree.
9.5.6
Affected by 68 other vulnerabilities.
VCID-mh4f-vtfj-hbb1
Aliases:
GHSA-4459-qrcc-vfcf
TYPO3 Cross-Site Scripting in Form Framework Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site scripting.
9.5.4
Affected by 75 other vulnerabilities.
VCID-mnz3-rj21-67ad
Aliases:
CVE-2022-36105
GHSA-m392-235j-9r7r
TYPO3 CMS vulnerable to User Enumeration via Response Timing > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007) * [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days)
9.5.37
Affected by 0 other vulnerabilities.
10.4.32
Affected by 22 other vulnerabilities.
11.5.16
Affected by 22 other vulnerabilities.
VCID-mud2-s4rc-fuf6
Aliases:
CVE-2024-34358
GHSA-36g8-62qv-5957
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController ### Problem The `ShowImageController` (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. ### Solution Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described. #### ℹ️ **Strong security defaults - Manual actions required** The `frame` HTTP query parameter is now ignored, since it could not be used by core APIs. The new feature flag `security.frontend.allowInsecureFrameOptionInShowImageController` – which is disabled per default – can be used to reactivate the previous behavior. ### Credits Thanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team members Benjamin Mack and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-010](https://typo3.org/security/advisory/typo3-core-sa-2024-010)
9.5.48
Affected by 1 other vulnerability.
10.4.45
Affected by 0 other vulnerabilities.
11.5.37
Affected by 6 other vulnerabilities.
12.4.15
Affected by 7 other vulnerabilities.
13.1.1
Affected by 7 other vulnerabilities.
VCID-n15v-ta9h-6ffb
Aliases:
CVE-2021-32767
GHSA-34fr-fhqr-7235
Inclusion of Sensitive Information in Log Files TYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability.
9.5.28
Affected by 30 other vulnerabilities.
10.4.18
Affected by 34 other vulnerabilities.
11.3.1
Affected by 36 other vulnerabilities.
VCID-n1cb-8py6-bbhu
Aliases:
GHSA-ppvg-hw62-6ph9
TYPO3 Security Misconfiguration in Install Tool Cookie It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.
9.5.2
Affected by 88 other vulnerabilities.
VCID-n78p-x7hh-gqcf
Aliases:
2018-12-11-5
Information Disclosure in Install Tool.
9.5.2
Affected by 88 other vulnerabilities.
VCID-n7ng-zkkb-2qaz
Aliases:
CVE-2024-25120
GHSA-wf85-8hx9-gj7c
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme ### Problem The TYPO3-specific [`t3://` URI scheme](https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references) could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. ### Solution Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. ### Credits Thanks to Richie Lee who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-005](https://typo3.org/security/advisory/typo3-core-sa-2024-005)
9.5.46
Affected by 0 other vulnerabilities.
10.4.43
Affected by 0 other vulnerabilities.
11.5.35
Affected by 9 other vulnerabilities.
12.4.11
Affected by 10 other vulnerabilities.
13.0.1
Affected by 11 other vulnerabilities.
VCID-nubu-f1sc-gbes
Aliases:
CVE-2025-47937
GHSA-x8pv-fgxp-8v3x
TYPO3 Allows Information Disclosure via DBAL Restriction Handling ### Problem When performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the last table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. ### Solution Update to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described. ### Credits Thanks to Christian Futterlieb for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it.
9.5.51
Affected by 0 other vulnerabilities.
10.4.50
Affected by 0 other vulnerabilities.
11.5.44
Affected by 0 other vulnerabilities.
12.4.31
Affected by 2 other vulnerabilities.
13.4.12
Affected by 2 other vulnerabilities.
VCID-nxq4-m52q-yuh4
Aliases:
GHSA-wvvp-jwf5-qcpc
TYPO3 Information Disclosure in Page Tree It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.
9.5.6
Affected by 68 other vulnerabilities.
VCID-p715-yexd-jfgc
Aliases:
2019-01-22-8
Cross-site Scripting Cross-Site Scripting in Language Pack Handling.
9.5.4
Affected by 75 other vulnerabilities.
VCID-phgh-sd4m-zbdx
Aliases:
CVE-2020-15099
GHSA-3x94-fv5h-5q2c
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5) > * CWE-20, CWE-200 ### Problem In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal _encryptionKey_ was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch _typo3conf/LocalConfiguration.php_ which again contains the _encryptionKey_ as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. ### Solution Update to TYPO3 versions 9.5.20 or 10.4.6 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007)
9.5.20
Affected by 40 other vulnerabilities.
10.4.6
Affected by 49 other vulnerabilities.
VCID-pmzz-9rws-4ud5
Aliases:
GHSA-x428-565f-8xj2
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as having direct access to TSconfig settings. A valid backend user account having access to modify values for fields `pages.TSconfig` and `pages.tsconfig_includes` is needed in order to exploit this vulnerability.
9.5.8
Affected by 53 other vulnerabilities.
VCID-pss5-as4b-cyf2
Aliases:
GHSA-xmgr-jff3-fcfv
TYPO3 Security Misconfiguration in User Session Handling When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
9.5.6
Affected by 68 other vulnerabilities.
VCID-px44-19tj-h7aa
Aliases:
2019-01-22-6
Cross-site Scripting Cross-Site Scripting in Form Framework.
9.5.4
Affected by 75 other vulnerabilities.
VCID-q8hy-wjd9-nbgp
Aliases:
2019-05-07-3
Code Injection Possible Arbitrary Code Execution in Image Processing.
9.5.6
Affected by 68 other vulnerabilities.
VCID-qb4j-9tz7-m7a2
Aliases:
CVE-2018-17960
GHSA-g68x-vvqq-pvw3
Cross-site Scripting CKEditor allows user-assisted XSS involving a source-mode paste.
9.5.2
Affected by 88 other vulnerabilities.
VCID-raxk-rm9v-hubn
Aliases:
2019-05-07-5
Information Disclosure in User Authentication.
9.5.6
Affected by 68 other vulnerabilities.
VCID-rdrs-mhaw-b3ge
Aliases:
2018-12-11-3
Cross-site Scripting Cross-Site Scripting in Frontend User Login.
9.5.2
Affected by 88 other vulnerabilities.
VCID-remd-55jh-r3g5
Aliases:
CVE-2022-31050
GHSA-wwjw-r3gj-39fq
Insufficient Session Expiration in TYPO3's Admin Tool > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.6) ### Problem Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. ### Solution Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. ### Credits Thanks to Kien Hoang who reported this issue and to TYPO3 framework merger Ralf Zimmermann and TYPO3 security member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-005](https://typo3.org/security/advisory/typo3-core-sa-2022-005)
9.5.35
Affected by 0 other vulnerabilities.
10.4.29
Affected by 28 other vulnerabilities.
11.5.11
Affected by 29 other vulnerabilities.
VCID-rwqs-3ktq-qqbd
Aliases:
GHSA-8c25-vj2w-p72j
TYPO3 Cross-Site Scripting in Frontend User Login Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template patterns that are affected are - ###FEUSER_[fieldName]### using system extension felogin - <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
9.5.2
Affected by 88 other vulnerabilities.
VCID-s53a-f91p-huf4
Aliases:
GHSA-82vp-jr39-4j2j
TYPO3 Security Misconfiguration in Frontend Session Handling It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data.
9.5.8
Affected by 53 other vulnerabilities.
VCID-s55j-8hbt-akhn
Aliases:
CVE-2022-31046
GHSA-8gmv-9hwg-w89g
Information Disclosure via Export Module > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.0) ### Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have access. ### Solution Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. ℹ️ **Strong security defaults - Manual actions required** Following User TSconfig setting would allow using the export functionality for particular users: ``` options.impexp.enableExportForNonAdminUser = 1 ``` ### Credits Thanks to TYPO3 core merger Lina Wolf who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2022-001](https://typo3.org/security/advisory/typo3-core-sa-2022-001)
9.5.35
Affected by 0 other vulnerabilities.
10.4.29
Affected by 28 other vulnerabilities.
11.5.11
Affected by 29 other vulnerabilities.
VCID-s64f-x81f-b7ce
Aliases:
CVE-2021-32668
GHSA-6mh3-j5r5-2379
Cross-site Scripting TYPO3 contains a cross-site scripting vulnerability. When error messages are not properly encoded, the components `_QueryGenerator_` and `_QueryView_` are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 contain a patch for this issue.
9.5.28
Affected by 30 other vulnerabilities.
10.4.18
Affected by 34 other vulnerabilities.
11.3.1
Affected by 36 other vulnerabilities.
VCID-stzu-sxe6-5yf5
Aliases:
2019-06-25-1
Information Disclosure in Backend User Interface.
9.5.8
Affected by 53 other vulnerabilities.
VCID-sw7v-fbjk-13hy
Aliases:
CVE-2020-15098
GHSA-m5vr-3m74-jwxp
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2) > * CWE-325, CWE-20, CWE-200, CWE-502 ### Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below. * [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007), [CVE-2020-15099](https://nvd.nist.gov/vuln/detail/CVE-2020-15099): Potential Privilege Escalation + the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network) + `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5, high) * [TYPO3-CORE-SA-2016-013](https://typo3.org/security/advisory/typo3-core-sa-2016-013), [CVE-2016-5091](https://nvd.nist.gov/vuln/detail/CVE-2016-5091): Insecure Deserialization & Remote Code Execution + an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation + `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1, critical) The overall severity of this vulnerability is **high (8.2)** based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). ### Solution Update to TYPO3 versions 9.5.20 or 10.4.6 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2020-008](https://typo3.org/security/advisory/typo3-core-sa-2020-008)
9.5.20
Affected by 40 other vulnerabilities.
10.4.6
Affected by 49 other vulnerabilities.
VCID-swnc-ke6h-ekew
Aliases:
GHSA-6xwf-7rfm-4gwc
TYPO3 Cross-Site Scripting in Filelist Module It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the vulnerability.
9.5.12
Affected by 47 other vulnerabilities.
10.2.1
Affected by 58 other vulnerabilities.
VCID-t1n7-eswt-73gw
Aliases:
CVE-2022-23503
GHSA-c5wx-6c2c-f7rm
GMS-2022-8132
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework ### Problem Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it was possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item (known as [`formDefinitionOverrides`](https://docs.typo3.org/c/typo3/cms-form/main/en-us/I/Concepts/FrontendRendering/Index.html#form-element-properties)) and a valid backend user account with access to the form module are needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above. ### References * [TYPO3-CORE-SA-2022-015](https://typo3.org/security/advisory/typo3-core-sa-2022-015)
9.5.38
Affected by 0 other vulnerabilities.
10.4.33
Affected by 17 other vulnerabilities.
11.5.20
Affected by 17 other vulnerabilities.
12.1.1
Affected by 18 other vulnerabilities.
VCID-t3jn-vwbx-u7cr
Aliases:
CVE-2021-21370
GHSA-x7hc-x7fm-f7qh
Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)
9.5.25
Affected by 32 other vulnerabilities.
10.4.14
Affected by 38 other vulnerabilities.
11.1.1
Affected by 39 other vulnerabilities.
VCID-taj6-zj2n-5kg8
Aliases:
CVE-2024-25121
GHSA-rj3x-wvc6-5j66
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler ### Problem Entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. ### Solution Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. #### ℹ️ Strong security defaults - Manual actions required When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`. ### Credits Thanks to TYPO3 core & security team member Oliver Hader who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2024-006](https://typo3.org/security/advisory/typo3-core-sa-2024-006)
9.5.46
Affected by 0 other vulnerabilities.
10.4.43
Affected by 0 other vulnerabilities.
11.5.35
Affected by 9 other vulnerabilities.
12.4.11
Affected by 10 other vulnerabilities.
13.0.1
Affected by 11 other vulnerabilities.
VCID-tnjd-pyys-akav
Aliases:
GHSA-5h5v-m596-r6rf
TYPO3 Possible Insecure Deserialization in Extbase Request Handling It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since sensitive information could have been leaked by accident (e.g. in repositories or in commonly known and unprotected backup files), there is the possibility that attackers know the private encryptionKey and are able to calculate the required HMAC-SHA1 to allow a malicious payload to be deserialized. Requirements for successfully exploiting this vulnerability (all of the following): - rendering at least one Extbase plugin in the frontend - encryptionKey has been leaked (from LocalConfiguration.php or corresponding .env file)
9.5.12
Affected by 47 other vulnerabilities.
VCID-tw1y-t4qj-j3d1
Aliases:
2018-12-11-2
Cross-site Scripting Cross-Site Scripting in Backend Modal Component.
9.5.2
Affected by 88 other vulnerabilities.
VCID-u9bx-8e86-wbew
Aliases:
2019-06-25-7
Improper Access Control Broken Access Control in Import Module.
9.5.8
Affected by 53 other vulnerabilities.
VCID-ve7g-8st5-wffb
Aliases:
CVE-2022-23500
GHSA-8c28-5mp7-v24h
GMS-2022-8130
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling ### Problem Requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in [TYPO3-CORE-SA-2021-005](https://typo3.org/security/advisory/typo3-core-sa-2021-005) (CVE-2021-21359). ### Solution Update to TYPO3 versions 9.5.38 ELTS, 10.4.33 or 11.5.20 that fix the problem described above. ### References * [TYPO3-CORE-SA-2022-012](https://typo3.org/security/advisory/typo3-core-sa-2022-012)
9.5.38
Affected by 0 other vulnerabilities.
10.4.33
Affected by 17 other vulnerabilities.
11.5.20
Affected by 17 other vulnerabilities.
VCID-vxry-uvph-kbfd
Aliases:
2019-06-25-2
Cross-site Scripting Cross-Site Scripting in Link Handling.
9.5.8
Affected by 53 other vulnerabilities.
VCID-vyvy-y3cw-hbgr
Aliases:
CVE-2023-24814
GHSA-r4f8-f93x-5qh3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) is vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php is vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation.
9.5.40
Affected by 0 other vulnerabilities.
10.4.36
Affected by 16 other vulnerabilities.
11.5.23
Affected by 16 other vulnerabilities.
12.2.0
Affected by 17 other vulnerabilities.
VCID-w13x-3rp9-wyej
Aliases:
CVE-2022-23504
GHSA-8w3p-qh3x-6gjr
GMS-2022-8131
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration > ### CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.3) ### Problem Due to the lack of handling user-submitted [YAML placeholder expressions](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Configuration/Yaml/YamlApi.html#custom-placeholder-processing) in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above. ### Credits Thanks to TYPO3 core & security team member Oliver Hader who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2022-016](https://typo3.org/security/advisory/typo3-core-sa-2022-016)
9.5.38
Affected by 0 other vulnerabilities.
10.4.33
Affected by 17 other vulnerabilities.
11.5.20
Affected by 17 other vulnerabilities.
12.1.1
Affected by 18 other vulnerabilities.
VCID-wea9-egep-h7g5
Aliases:
2019-01-22-1
Information Disclosure of Installed Extensions.
9.5.4
Affected by 75 other vulnerabilities.
VCID-xa4m-xpa9-v7h8
Aliases:
CVE-2019-19849
GHSA-rcgc-4xfc-564v
TYPO3 Insecure Deserialization in Query Generator & Query View An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
9.5.12
Affected by 47 other vulnerabilities.
10.2.1
Affected by 58 other vulnerabilities.
VCID-xh7y-56vy-5ud8
Aliases:
CVE-2021-21355
GHSA-2r6j-862c-m2v2
Unrestricted File Upload in Form Framework ### Problem Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. TYPO3 Extbase extensions, which implement a file upload and do not implement a custom _TypeConverter_ to transform uploaded files into _FileReference_ domain model objects are affected by the vulnerability as well, since the _UploadedFileReferenceConverter_ of _ext:form_ handles the file upload and will accept files of any mime-type which are persisted to the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. ### Solution Update to TYPO3 versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. Type converter _UploadedFileReferenceConverter_ is not registered globally anymore and just handles uploaded files within the scope of the Form Framework. Guessable storage location has changed from _/fileadmin/user_upload/form\_\<random-hash\>/_ to _/fileadmin/form_uploads/<random-40-bit>_. Allowed mime-types must match expected file extensions (e.g. _application/pdf_ must be _.pdf_, and cannot be _.html_). Extbase extensions, who rely on the global availability of the _UploadedFileReferenceConverter_ must now implement a custom _TypeConverter_ to handle file uploads or explicitly implement the ext:form _UploadedFileReferenceConverter_ with appropriate setting for accepted mime-types. ### Credits Thanks to Sebastian Michaelsen, Marc Lindemann, Oliver Eglseder, Markus Volkmer, Jakob Kunzmann, Johannes Regner, Richie Lee who reported this issue, and to TYPO3 core & security team members Oliver Hader & Benni Mack, as well as TYPO3 contributor Ralf Zimmermann who fixed the issue. ### References * [TYPO3-CORE-SA-2021-002](https://typo3.org/security/advisory/typo3-core-sa-2021-002)
9.5.25
Affected by 32 other vulnerabilities.
10.4.14
Affected by 38 other vulnerabilities.
11.1.1
Affected by 39 other vulnerabilities.
VCID-xtdg-uj46-rkcm
Aliases:
2019-06-25-6
Deserialization of Untrusted Data Possible deserialization side-effects in `symfony/cache`.
9.5.8
Affected by 53 other vulnerabilities.
VCID-xy6y-312d-rygj
Aliases:
CVE-2024-55892
GHSA-2fx5-pggv-6jjr
TYPO3 Potential Open Redirect via Parsing Differences ### Problem Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. ### Solution Update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described. ### Credits Thanks to Sam Mush and Christian Eßl who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2025-002](https://typo3.org/security/advisory/typo3-core-sa-2025-002)
9.5.49
Affected by 0 other vulnerabilities.
10.4.48
Affected by 0 other vulnerabilities.
11.5.42
Affected by 0 other vulnerabilities.
12.4.25
Affected by 6 other vulnerabilities.
13.4.3
Affected by 6 other vulnerabilities.
VCID-y32z-2d3f-gkgw
Aliases:
CVE-2021-32768
GHSA-c5c9-8c6m-727v
Cross-site Scripting TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.
9.5.29
Affected by 27 other vulnerabilities.
10.4.19
Affected by 33 other vulnerabilities.
11.3.2
Affected by 35 other vulnerabilities.
VCID-yzx1-4psv-7bhr
Aliases:
GHSA-76r3-m635-p3vc
TYPO3 Cross-Site Scripting in Language Pack Handling Failing to properly encode information from external sources, language pack handling in the install tool is vulnerable to cross-site scripting.
9.5.4
Affected by 75 other vulnerabilities.
VCID-zdq2-dhb2-6kaq
Aliases:
CVE-2022-23501
GHSA-jfp7-79g7-89rf
GMS-2022-8134
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login ### Problem Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. ### Solution Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above. ### References * [TYPO3-CORE-SA-2022-013](https://typo3.org/security/advisory/typo3-core-sa-2022-013)
9.5.38
Affected by 0 other vulnerabilities.
10.4.33
Affected by 17 other vulnerabilities.
11.5.20
Affected by 17 other vulnerabilities.
12.1.1
Affected by 18 other vulnerabilities.
VCID-zkea-ge1t-z7gn
Aliases:
CVE-2019-12748
GHSA-r6fv-56gp-j3r4
Cross-site Scripting TYPO3 allows XSS.
9.5.8
Affected by 53 other vulnerabilities.
VCID-zspb-bd6j-wyd2
Aliases:
2018-12-11-4
Security Misconfiguration in Install Tool Cookie.
9.5.2
Affected by 88 other vulnerabilities.
VCID-zwgt-rm1f-6bf2
Aliases:
CVE-2024-34357
GHSA-hw6c-6gwq-3m3m
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController ### Problem Failing to properly encode user-controlled values in file entities, the `ShowImageController` (_eID tx_cms_showpic_) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. ### Solution Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2024-009](https://typo3.org/security/advisory/typo3-core-sa-2024-009)
9.5.48
Affected by 1 other vulnerability.
10.4.45
Affected by 0 other vulnerabilities.
11.5.37
Affected by 6 other vulnerabilities.
12.4.15
Affected by 7 other vulnerabilities.
13.1.1
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:29:14.116365+00:00 GitLab Importer Affected by VCID-4t9s-p25a-cfas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47939.yml 38.4.0
2026-04-16T23:29:13.297311+00:00 GitLab Importer Affected by VCID-nubu-f1sc-gbes https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47937.yml 38.4.0
2026-04-16T23:29:08.150548+00:00 GitLab Importer Affected by VCID-65ue-7jd9-23gf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47938.yml 38.4.0
2026-04-16T23:18:47.550621+00:00 GitLab Importer Affected by VCID-xy6y-312d-rygj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-55892.yml 38.4.0
2026-04-16T23:00:10.605582+00:00 GitLab Importer Affected by VCID-pss5-as4b-cyf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-xmgr-jff3-fcfv.yml 38.4.0
2026-04-16T23:00:10.264281+00:00 GitLab Importer Affected by VCID-hhmn-yz5p-xkap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-4ppr-jw47-9qm5.yml 38.4.0
2026-04-16T23:00:09.941745+00:00 GitLab Importer Affected by VCID-pmzz-9rws-4ud5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-x428-565f-8xj2.yml 38.4.0
2026-04-16T23:00:09.373513+00:00 GitLab Importer Affected by VCID-6xmj-wbea-r7ex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-29m4-mx89-3mjg.yml 38.4.0
2026-04-16T23:00:09.090176+00:00 GitLab Importer Affected by VCID-s53a-f91p-huf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-82vp-jr39-4j2j.yml 38.4.0
2026-04-16T23:00:08.756069+00:00 GitLab Importer Affected by VCID-swnc-ke6h-ekew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-6xwf-7rfm-4gwc.yml 38.4.0
2026-04-16T23:00:08.015104+00:00 GitLab Importer Affected by VCID-dmzb-gkdn-6bcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-g776-759r-pf6x.yml 38.4.0
2026-04-16T23:00:07.832241+00:00 GitLab Importer Affected by VCID-9zqs-hjay-fkev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-22q7-cg4r-p9mx.yml 38.4.0
2026-04-16T23:00:07.459736+00:00 GitLab Importer Affected by VCID-461j-9hrc-gfbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wj85-rg5g-v8jm.yml 38.4.0
2026-04-16T23:00:07.055507+00:00 GitLab Importer Affected by VCID-5z59-dn7p-xbc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-g4c9-qfvw-fmr4.yml 38.4.0
2026-04-16T23:00:06.503114+00:00 GitLab Importer Affected by VCID-21e8-x7mp-hugk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-f9hr-7cfq-mjg2.yml 38.4.0
2026-04-16T23:00:05.587010+00:00 GitLab Importer Affected by VCID-9x6r-56xm-n7h7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-rv8r-8mh5-5376.yml 38.4.0
2026-04-16T23:00:03.697236+00:00 GitLab Importer Affected by VCID-mh4f-vtfj-hbb1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-4459-qrcc-vfcf.yml 38.4.0
2026-04-16T23:00:03.416426+00:00 GitLab Importer Affected by VCID-f4bv-pzdy-dfcb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-p2h4-7fp3-cmh8.yml 38.4.0
2026-04-16T23:00:03.146612+00:00 GitLab Importer Affected by VCID-rwqs-3ktq-qqbd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-8c25-vj2w-p72j.yml 38.4.0
2026-04-16T23:00:01.719127+00:00 GitLab Importer Affected by VCID-yzx1-4psv-7bhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-76r3-m635-p3vc.yml 38.4.0
2026-04-16T22:59:59.883674+00:00 GitLab Importer Affected by VCID-5u4q-m66t-wqcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-95qm-3xp7-vfj5.yml 38.4.0
2026-04-16T22:59:58.942574+00:00 GitLab Importer Affected by VCID-e268-wagv-sbex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wg8h-gxf4-g4gh.yml 38.4.0
2026-04-16T22:59:58.649443+00:00 GitLab Importer Affected by VCID-tnjd-pyys-akav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-5h5v-m596-r6rf.yml 38.4.0
2026-04-16T22:59:57.890471+00:00 GitLab Importer Affected by VCID-a563-vtwa-hkbr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-66c2-7g4p-wx4p.yml 38.4.0
2026-04-16T22:59:57.602736+00:00 GitLab Importer Affected by VCID-nxq4-m52q-yuh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wvvp-jwf5-qcpc.yml 38.4.0
2026-04-16T22:59:57.412034+00:00 GitLab Importer Affected by VCID-d99v-v9cj-zfh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-rxc9-f2x6-qh4w.yml 38.4.0
2026-04-16T22:59:57.140276+00:00 GitLab Importer Affected by VCID-n1cb-8py6-bbhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-ppvg-hw62-6ph9.yml 38.4.0
2026-04-16T22:58:18.046227+00:00 GitLab Importer Affected by VCID-8d2m-1ffv-jqe1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34356.yml 38.4.0
2026-04-16T22:58:07.988842+00:00 GitLab Importer Affected by VCID-zwgt-rm1f-6bf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34357.yml 38.4.0
2026-04-16T22:57:55.884510+00:00 GitLab Importer Affected by VCID-mud2-s4rc-fuf6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34358.yml 38.4.0
2026-04-16T22:50:49.676213+00:00 GitLab Importer Affected by VCID-axvk-13qf-tka7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-22188.yml 38.4.0
2026-04-16T22:50:48.895012+00:00 GitLab Importer Affected by VCID-n7ng-zkkb-2qaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25120.yml 38.4.0
2026-04-16T22:50:47.483415+00:00 GitLab Importer Affected by VCID-taj6-zj2n-5kg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25121.yml 38.4.0
2026-04-16T22:50:46.433602+00:00 GitLab Importer Affected by VCID-g4uc-qeb6-myed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25119.yml 38.4.0
2026-04-16T22:50:45.388262+00:00 GitLab Importer Affected by VCID-gv1b-xtv4-4yg3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25118.yml 38.4.0
2026-04-16T22:43:18.469463+00:00 GitLab Importer Affected by VCID-h6y3-7gsq-skh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2023-47127.yml 38.4.0
2026-04-16T22:21:15.371924+00:00 GitLab Importer Affected by VCID-vyvy-y3cw-hbgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2023-24814.yml 38.4.0
2026-04-16T22:18:14.559770+00:00 GitLab Importer Affected by VCID-t1n7-eswt-73gw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23503.yml 38.4.0
2026-04-16T22:18:13.605614+00:00 GitLab Importer Affected by VCID-ve7g-8st5-wffb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23500.yml 38.4.0
2026-04-16T22:18:09.271392+00:00 GitLab Importer Affected by VCID-zdq2-dhb2-6kaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23501.yml 38.4.0
2026-04-16T22:17:58.027721+00:00 GitLab Importer Affected by VCID-w13x-3rp9-wyej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23504.yml 38.4.0
2026-04-16T22:08:47.550249+00:00 GitLab Importer Affected by VCID-b6er-h7dm-3bev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GMS-2022-4096.yml 38.4.0
2026-04-16T22:08:41.075803+00:00 GitLab Importer Affected by VCID-mnz3-rj21-67ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-36105.yml 38.4.0
2026-04-16T22:08:39.532579+00:00 GitLab Importer Affected by VCID-5paq-5frf-43ed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-36107.yml 38.4.0
2026-04-16T22:04:04.845865+00:00 GitLab Importer Affected by VCID-remd-55jh-r3g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31050.yml 38.4.0
2026-04-16T22:03:54.378794+00:00 GitLab Importer Affected by VCID-e32h-8q61-hbgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31049.yml 38.4.0
2026-04-16T22:03:53.058911+00:00 GitLab Importer Affected by VCID-4jpa-6fqh-hbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31048.yml 38.4.0
2026-04-16T22:03:52.459168+00:00 GitLab Importer Affected by VCID-s55j-8hbt-akhn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31046.yml 38.4.0
2026-04-16T22:03:37.596329+00:00 GitLab Importer Affected by VCID-bajy-qbwq-fufn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31047.yml 38.4.0
2026-04-16T22:01:00.475088+00:00 GitLab Importer Affected by VCID-3n2r-awja-dug9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19850.yml 38.4.0
2026-04-16T21:59:12.251462+00:00 GitLab Importer Affected by VCID-zkea-ge1t-z7gn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-12748.yml 38.4.0
2026-04-16T21:59:07.319148+00:00 GitLab Importer Affected by VCID-9g62-zd1x-3bdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-12747.yml 38.4.0
2026-04-16T21:57:55.618333+00:00 GitLab Importer Affected by VCID-gcnj-6qb6-pbgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19848.yml 38.4.0
2026-04-16T21:56:20.524538+00:00 GitLab Importer Affected by VCID-xa4m-xpa9-v7h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19849.yml 38.4.0
2026-04-16T21:28:09.557754+00:00 GitLab Importer Affected by VCID-y32z-2d3f-gkgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32768.yml 38.4.0
2026-04-16T21:27:41.186499+00:00 GitLab Importer Affected by VCID-n15v-ta9h-6ffb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32767.yml 38.4.0
2026-04-16T21:27:38.780679+00:00 GitLab Importer Affected by VCID-s64f-x81f-b7ce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32668.yml 38.4.0
2026-04-16T21:27:37.719978+00:00 GitLab Importer Affected by VCID-ekfd-wp8z-d7e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32669.yml 38.4.0
2026-04-16T21:27:37.083116+00:00 GitLab Importer Affected by VCID-6a9t-8dmn-s3bv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32667.yml 38.4.0
2026-04-16T21:19:26.302362+00:00 GitLab Importer Affected by VCID-xh7y-56vy-5ud8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21355.yml 38.4.0
2026-04-16T21:19:24.979468+00:00 GitLab Importer Affected by VCID-dsu7-jjjq-f3e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21339.yml 38.4.0
2026-04-16T21:19:24.123173+00:00 GitLab Importer Affected by VCID-he5m-6wj4-rbhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21357.yml 38.4.0
2026-04-16T21:19:22.739488+00:00 GitLab Importer Affected by VCID-5jgb-dsyx-hyb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21338.yml 38.4.0
2026-04-16T21:19:19.736044+00:00 GitLab Importer Affected by VCID-t3jn-vwbx-u7cr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21370.yml 38.4.0
2026-04-16T21:19:16.428512+00:00 GitLab Importer Affected by VCID-d8d1-sat6-muhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21359.yml 38.4.0
2026-04-16T21:14:25.651019+00:00 GitLab Importer Affected by VCID-f963-qur3-2qb7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-26227.yml 38.4.0
2026-04-16T21:14:21.066113+00:00 GitLab Importer Affected by VCID-a49c-fqrj-nbb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-26228.yml 38.4.0
2026-04-16T21:06:05.464428+00:00 GitLab Importer Affected by VCID-phgh-sd4m-zbdx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-15099.yml 38.4.0
2026-04-16T21:06:04.709431+00:00 GitLab Importer Affected by VCID-sw7v-fbjk-13hy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-15098.yml 38.4.0
2026-04-16T21:03:26.259082+00:00 GitLab Importer Affected by VCID-2mn6-mdmz-4yd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11069.yml 38.4.0
2026-04-16T21:03:24.774328+00:00 GitLab Importer Affected by VCID-58js-jzm4-4fc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11066.yml 38.4.0
2026-04-16T21:03:23.404110+00:00 GitLab Importer Affected by VCID-5kzs-ex81-bbaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11067.yml 38.4.0
2026-04-16T21:03:21.050001+00:00 GitLab Importer Affected by VCID-543x-cnbz-1kb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11064.yml 38.4.0
2026-04-16T21:00:33.100179+00:00 GitLab Importer Affected by VCID-4mkw-tv16-jyca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-10912.yml 38.4.0
2026-04-16T20:55:42.283510+00:00 GitLab Importer Affected by VCID-2meq-x4kd-bbdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-5.yml 38.4.0
2026-04-16T20:55:41.646713+00:00 GitLab Importer Affected by VCID-cm14-t8uv-k3es https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-3.yml 38.4.0
2026-04-16T20:55:41.397149+00:00 GitLab Importer Affected by VCID-u9bx-8e86-wbew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-7.yml 38.4.0
2026-04-16T20:55:41.001641+00:00 GitLab Importer Affected by VCID-3v4n-fzxa-bfaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-4.yml 38.4.0
2026-04-16T20:55:40.037610+00:00 GitLab Importer Affected by VCID-stzu-sxe6-5yf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-1.yml 38.4.0
2026-04-16T20:55:39.775306+00:00 GitLab Importer Affected by VCID-xtdg-uj46-rkcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-6.yml 38.4.0
2026-04-16T20:55:39.390759+00:00 GitLab Importer Affected by VCID-vxry-uvph-kbfd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-2.yml 38.4.0
2026-04-16T20:54:14.406795+00:00 GitLab Importer Affected by VCID-9gpp-ez8w-rqav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-1.yml 38.4.0
2026-04-16T20:54:12.615739+00:00 GitLab Importer Affected by VCID-raxk-rm9v-hubn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-5.yml 38.4.0
2026-04-16T20:54:12.088473+00:00 GitLab Importer Affected by VCID-q8hy-wjd9-nbgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-3.yml 38.4.0
2026-04-16T20:54:11.451717+00:00 GitLab Importer Affected by VCID-eajg-ctpd-2bby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-2.yml 38.4.0
2026-04-16T20:54:11.201276+00:00 GitLab Importer Affected by VCID-kj9x-psfz-2ug1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-4.yml 38.4.0
2026-04-16T20:51:28.206662+00:00 GitLab Importer Affected by VCID-px44-19tj-h7aa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-6.yml 38.4.0
2026-04-16T20:51:27.976898+00:00 GitLab Importer Affected by VCID-axaf-45kr-kbfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-2.yml 38.4.0
2026-04-16T20:51:27.072291+00:00 GitLab Importer Affected by VCID-dj88-f3p8-cfbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-7.yml 38.4.0
2026-04-16T20:51:26.442330+00:00 GitLab Importer Affected by VCID-p715-yexd-jfgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-8.yml 38.4.0
2026-04-16T20:51:25.656512+00:00 GitLab Importer Affected by VCID-wea9-egep-h7g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-1.yml 38.4.0
2026-04-16T20:51:25.080596+00:00 GitLab Importer Affected by VCID-551q-gpyd-ffe8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-4.yml 38.4.0
2026-04-16T20:51:24.211931+00:00 GitLab Importer Affected by VCID-k8af-cg9k-87a9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-5.yml 38.4.0
2026-04-16T20:50:34.001590+00:00 GitLab Importer Affected by VCID-dm97-51uu-r7gw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-1.yml 38.4.0
2026-04-16T20:50:33.784437+00:00 GitLab Importer Affected by VCID-4btk-jt5n-2ugf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-8.yml 38.4.0
2026-04-16T20:50:32.942437+00:00 GitLab Importer Affected by VCID-rdrs-mhaw-b3ge https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-3.yml 38.4.0
2026-04-16T20:50:32.733767+00:00 GitLab Importer Affected by VCID-n78p-x7hh-gqcf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-5.yml 38.4.0
2026-04-16T20:50:32.055509+00:00 GitLab Importer Affected by VCID-tw1y-t4qj-j3d1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-2.yml 38.4.0
2026-04-16T20:50:30.600150+00:00 GitLab Importer Affected by VCID-zspb-bd6j-wyd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-4.yml 38.4.0
2026-04-16T20:50:29.453605+00:00 GitLab Importer Affected by VCID-bnne-7p2q-eqd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-6.yml 38.4.0
2026-04-16T20:50:19.847173+00:00 GitLab Importer Affected by VCID-qb4j-9tz7-m7a2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2018-17960.yml 38.4.0
2026-04-16T20:47:35.607962+00:00 GitLab Importer Affected by VCID-3gg5-1921-rbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2018-14041.yml 38.4.0
2026-04-12T00:48:55.109410+00:00 GitLab Importer Affected by VCID-4t9s-p25a-cfas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47939.yml 38.3.0
2026-04-12T00:48:54.217523+00:00 GitLab Importer Affected by VCID-nubu-f1sc-gbes https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47937.yml 38.3.0
2026-04-12T00:48:48.371843+00:00 GitLab Importer Affected by VCID-65ue-7jd9-23gf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47938.yml 38.3.0
2026-04-12T00:37:37.185686+00:00 GitLab Importer Affected by VCID-xy6y-312d-rygj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-55892.yml 38.3.0
2026-04-12T00:18:05.447565+00:00 GitLab Importer Affected by VCID-pss5-as4b-cyf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-xmgr-jff3-fcfv.yml 38.3.0
2026-04-12T00:18:05.229732+00:00 GitLab Importer Affected by VCID-hhmn-yz5p-xkap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-4ppr-jw47-9qm5.yml 38.3.0
2026-04-12T00:18:05.017705+00:00 GitLab Importer Affected by VCID-pmzz-9rws-4ud5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-x428-565f-8xj2.yml 38.3.0
2026-04-12T00:18:04.631965+00:00 GitLab Importer Affected by VCID-6xmj-wbea-r7ex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-29m4-mx89-3mjg.yml 38.3.0
2026-04-12T00:18:04.448914+00:00 GitLab Importer Affected by VCID-s53a-f91p-huf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-82vp-jr39-4j2j.yml 38.3.0
2026-04-12T00:18:04.240805+00:00 GitLab Importer Affected by VCID-swnc-ke6h-ekew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-6xwf-7rfm-4gwc.yml 38.3.0
2026-04-12T00:18:03.702953+00:00 GitLab Importer Affected by VCID-dmzb-gkdn-6bcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-g776-759r-pf6x.yml 38.3.0
2026-04-12T00:18:03.560053+00:00 GitLab Importer Affected by VCID-9zqs-hjay-fkev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-22q7-cg4r-p9mx.yml 38.3.0
2026-04-12T00:18:03.281262+00:00 GitLab Importer Affected by VCID-461j-9hrc-gfbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wj85-rg5g-v8jm.yml 38.3.0
2026-04-12T00:18:02.991250+00:00 GitLab Importer Affected by VCID-5z59-dn7p-xbc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-g4c9-qfvw-fmr4.yml 38.3.0
2026-04-12T00:18:02.594767+00:00 GitLab Importer Affected by VCID-21e8-x7mp-hugk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-f9hr-7cfq-mjg2.yml 38.3.0
2026-04-12T00:18:01.942431+00:00 GitLab Importer Affected by VCID-9x6r-56xm-n7h7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-rv8r-8mh5-5376.yml 38.3.0
2026-04-12T00:18:00.584561+00:00 GitLab Importer Affected by VCID-mh4f-vtfj-hbb1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-4459-qrcc-vfcf.yml 38.3.0
2026-04-12T00:18:00.402638+00:00 GitLab Importer Affected by VCID-f4bv-pzdy-dfcb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-p2h4-7fp3-cmh8.yml 38.3.0
2026-04-12T00:18:00.223154+00:00 GitLab Importer Affected by VCID-rwqs-3ktq-qqbd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-8c25-vj2w-p72j.yml 38.3.0
2026-04-12T00:17:59.298816+00:00 GitLab Importer Affected by VCID-yzx1-4psv-7bhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-76r3-m635-p3vc.yml 38.3.0
2026-04-12T00:17:58.002218+00:00 GitLab Importer Affected by VCID-5u4q-m66t-wqcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-95qm-3xp7-vfj5.yml 38.3.0
2026-04-12T00:17:57.300144+00:00 GitLab Importer Affected by VCID-e268-wagv-sbex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wg8h-gxf4-g4gh.yml 38.3.0
2026-04-12T00:17:57.078073+00:00 GitLab Importer Affected by VCID-tnjd-pyys-akav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-5h5v-m596-r6rf.yml 38.3.0
2026-04-12T00:17:56.530689+00:00 GitLab Importer Affected by VCID-a563-vtwa-hkbr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-66c2-7g4p-wx4p.yml 38.3.0
2026-04-12T00:17:56.322305+00:00 GitLab Importer Affected by VCID-nxq4-m52q-yuh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wvvp-jwf5-qcpc.yml 38.3.0
2026-04-12T00:17:56.177561+00:00 GitLab Importer Affected by VCID-d99v-v9cj-zfh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-rxc9-f2x6-qh4w.yml 38.3.0
2026-04-12T00:17:55.991715+00:00 GitLab Importer Affected by VCID-n1cb-8py6-bbhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-ppvg-hw62-6ph9.yml 38.3.0
2026-04-12T00:16:24.370082+00:00 GitLab Importer Affected by VCID-8d2m-1ffv-jqe1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34356.yml 38.3.0
2026-04-12T00:16:13.559486+00:00 GitLab Importer Affected by VCID-zwgt-rm1f-6bf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34357.yml 38.3.0
2026-04-12T00:16:01.320941+00:00 GitLab Importer Affected by VCID-mud2-s4rc-fuf6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34358.yml 38.3.0
2026-04-12T00:10:09.232967+00:00 GitLab Importer Affected by VCID-axvk-13qf-tka7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-22188.yml 38.3.0
2026-04-12T00:10:08.819224+00:00 GitLab Importer Affected by VCID-n7ng-zkkb-2qaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25120.yml 38.3.0
2026-04-12T00:10:07.952943+00:00 GitLab Importer Affected by VCID-taj6-zj2n-5kg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25121.yml 38.3.0
2026-04-12T00:10:07.286318+00:00 GitLab Importer Affected by VCID-g4uc-qeb6-myed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25119.yml 38.3.0
2026-04-12T00:10:06.636149+00:00 GitLab Importer Affected by VCID-gv1b-xtv4-4yg3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25118.yml 38.3.0
2026-04-12T00:02:53.111207+00:00 GitLab Importer Affected by VCID-h6y3-7gsq-skh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2023-47127.yml 38.3.0
2026-04-11T23:39:16.658064+00:00 GitLab Importer Affected by VCID-vyvy-y3cw-hbgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2023-24814.yml 38.3.0
2026-04-11T23:35:48.069908+00:00 GitLab Importer Affected by VCID-t1n7-eswt-73gw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23503.yml 38.3.0
2026-04-11T23:35:46.831704+00:00 GitLab Importer Affected by VCID-ve7g-8st5-wffb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23500.yml 38.3.0
2026-04-11T23:35:41.058907+00:00 GitLab Importer Affected by VCID-zdq2-dhb2-6kaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23501.yml 38.3.0
2026-04-11T23:35:27.998117+00:00 GitLab Importer Affected by VCID-w13x-3rp9-wyej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23504.yml 38.3.0
2026-04-11T23:25:15.348900+00:00 GitLab Importer Affected by VCID-b6er-h7dm-3bev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GMS-2022-4096.yml 38.3.0
2026-04-11T23:25:09.565282+00:00 GitLab Importer Affected by VCID-mnz3-rj21-67ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-36105.yml 38.3.0
2026-04-11T23:25:07.966415+00:00 GitLab Importer Affected by VCID-5paq-5frf-43ed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-36107.yml 38.3.0
2026-04-11T23:19:47.409185+00:00 GitLab Importer Affected by VCID-remd-55jh-r3g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31050.yml 38.3.0
2026-04-11T23:19:36.999682+00:00 GitLab Importer Affected by VCID-e32h-8q61-hbgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31049.yml 38.3.0
2026-04-11T23:19:35.387382+00:00 GitLab Importer Affected by VCID-4jpa-6fqh-hbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31048.yml 38.3.0
2026-04-11T23:19:34.748406+00:00 GitLab Importer Affected by VCID-s55j-8hbt-akhn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31046.yml 38.3.0
2026-04-11T23:19:19.462729+00:00 GitLab Importer Affected by VCID-bajy-qbwq-fufn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31047.yml 38.3.0
2026-04-11T23:16:37.402231+00:00 GitLab Importer Affected by VCID-3n2r-awja-dug9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19850.yml 38.3.0
2026-04-11T23:14:43.116855+00:00 GitLab Importer Affected by VCID-zkea-ge1t-z7gn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-12748.yml 38.3.0
2026-04-11T23:14:37.850308+00:00 GitLab Importer Affected by VCID-9g62-zd1x-3bdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-12747.yml 38.3.0
2026-04-11T23:13:23.739609+00:00 GitLab Importer Affected by VCID-gcnj-6qb6-pbgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19848.yml 38.3.0
2026-04-11T23:11:44.813968+00:00 GitLab Importer Affected by VCID-xa4m-xpa9-v7h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19849.yml 38.3.0
2026-04-11T22:41:06.868732+00:00 GitLab Importer Affected by VCID-y32z-2d3f-gkgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32768.yml 38.3.0
2026-04-11T22:40:37.774266+00:00 GitLab Importer Affected by VCID-n15v-ta9h-6ffb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32767.yml 38.3.0
2026-04-11T22:40:35.273178+00:00 GitLab Importer Affected by VCID-s64f-x81f-b7ce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32668.yml 38.3.0
2026-04-11T22:40:34.203195+00:00 GitLab Importer Affected by VCID-ekfd-wp8z-d7e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32669.yml 38.3.0
2026-04-11T22:40:33.553291+00:00 GitLab Importer Affected by VCID-6a9t-8dmn-s3bv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32667.yml 38.3.0
2026-04-11T22:31:44.726190+00:00 GitLab Importer Affected by VCID-xh7y-56vy-5ud8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21355.yml 38.3.0
2026-04-11T22:31:43.301598+00:00 GitLab Importer Affected by VCID-dsu7-jjjq-f3e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21339.yml 38.3.0
2026-04-11T22:31:42.384712+00:00 GitLab Importer Affected by VCID-he5m-6wj4-rbhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21357.yml 38.3.0
2026-04-11T22:31:40.901129+00:00 GitLab Importer Affected by VCID-5jgb-dsyx-hyb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21338.yml 38.3.0
2026-04-11T22:31:37.723798+00:00 GitLab Importer Affected by VCID-t3jn-vwbx-u7cr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21370.yml 38.3.0
2026-04-11T22:31:33.975128+00:00 GitLab Importer Affected by VCID-d8d1-sat6-muhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21359.yml 38.3.0
2026-04-11T22:26:31.255779+00:00 GitLab Importer Affected by VCID-f963-qur3-2qb7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-26227.yml 38.3.0
2026-04-11T22:26:25.993782+00:00 GitLab Importer Affected by VCID-a49c-fqrj-nbb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-26228.yml 38.3.0
2026-04-11T22:17:38.157149+00:00 GitLab Importer Affected by VCID-phgh-sd4m-zbdx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-15099.yml 38.3.0
2026-04-11T22:17:37.365122+00:00 GitLab Importer Affected by VCID-sw7v-fbjk-13hy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-15098.yml 38.3.0
2026-04-11T22:14:49.566854+00:00 GitLab Importer Affected by VCID-2mn6-mdmz-4yd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11069.yml 38.3.0
2026-04-11T22:14:48.190343+00:00 GitLab Importer Affected by VCID-58js-jzm4-4fc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11066.yml 38.3.0
2026-04-11T22:14:46.989608+00:00 GitLab Importer Affected by VCID-5kzs-ex81-bbaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11067.yml 38.3.0
2026-04-11T22:14:44.447031+00:00 GitLab Importer Affected by VCID-543x-cnbz-1kb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11064.yml 38.3.0
2026-04-11T22:11:48.356263+00:00 GitLab Importer Affected by VCID-4mkw-tv16-jyca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-10912.yml 38.3.0
2026-04-11T22:06:42.516334+00:00 GitLab Importer Affected by VCID-2meq-x4kd-bbdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-5.yml 38.3.0
2026-04-11T22:06:41.768469+00:00 GitLab Importer Affected by VCID-cm14-t8uv-k3es https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-3.yml 38.3.0
2026-04-11T22:06:41.481891+00:00 GitLab Importer Affected by VCID-u9bx-8e86-wbew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-7.yml 38.3.0
2026-04-11T22:06:41.067678+00:00 GitLab Importer Affected by VCID-3v4n-fzxa-bfaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-4.yml 38.3.0
2026-04-11T22:06:40.037655+00:00 GitLab Importer Affected by VCID-stzu-sxe6-5yf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-1.yml 38.3.0
2026-04-11T22:06:39.769867+00:00 GitLab Importer Affected by VCID-xtdg-uj46-rkcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-6.yml 38.3.0
2026-04-11T22:06:39.356983+00:00 GitLab Importer Affected by VCID-vxry-uvph-kbfd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-2.yml 38.3.0
2026-04-11T22:05:11.085252+00:00 GitLab Importer Affected by VCID-9gpp-ez8w-rqav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-1.yml 38.3.0
2026-04-11T22:05:09.415295+00:00 GitLab Importer Affected by VCID-raxk-rm9v-hubn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-5.yml 38.3.0
2026-04-11T22:05:08.838537+00:00 GitLab Importer Affected by VCID-q8hy-wjd9-nbgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-3.yml 38.3.0
2026-04-11T22:05:08.153330+00:00 GitLab Importer Affected by VCID-eajg-ctpd-2bby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-2.yml 38.3.0
2026-04-11T22:05:07.892206+00:00 GitLab Importer Affected by VCID-kj9x-psfz-2ug1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-4.yml 38.3.0
2026-04-11T22:02:11.532713+00:00 GitLab Importer Affected by VCID-px44-19tj-h7aa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-6.yml 38.3.0
2026-04-11T22:02:11.293747+00:00 GitLab Importer Affected by VCID-axaf-45kr-kbfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-2.yml 38.3.0
2026-04-11T22:02:10.397834+00:00 GitLab Importer Affected by VCID-dj88-f3p8-cfbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-7.yml 38.3.0
2026-04-11T22:02:09.724952+00:00 GitLab Importer Affected by VCID-p715-yexd-jfgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-8.yml 38.3.0
2026-04-11T22:02:08.879185+00:00 GitLab Importer Affected by VCID-wea9-egep-h7g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-1.yml 38.3.0
2026-04-11T22:02:08.272677+00:00 GitLab Importer Affected by VCID-551q-gpyd-ffe8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-4.yml 38.3.0
2026-04-11T22:02:07.394744+00:00 GitLab Importer Affected by VCID-k8af-cg9k-87a9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-5.yml 38.3.0
2026-04-11T22:01:12.262156+00:00 GitLab Importer Affected by VCID-dm97-51uu-r7gw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-1.yml 38.3.0
2026-04-11T22:01:12.031096+00:00 GitLab Importer Affected by VCID-4btk-jt5n-2ugf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-8.yml 38.3.0
2026-04-11T22:01:11.169533+00:00 GitLab Importer Affected by VCID-rdrs-mhaw-b3ge https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-3.yml 38.3.0
2026-04-11T22:01:10.939425+00:00 GitLab Importer Affected by VCID-n78p-x7hh-gqcf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-5.yml 38.3.0
2026-04-11T22:01:10.199361+00:00 GitLab Importer Affected by VCID-tw1y-t4qj-j3d1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-2.yml 38.3.0
2026-04-11T22:01:08.680541+00:00 GitLab Importer Affected by VCID-zspb-bd6j-wyd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-4.yml 38.3.0
2026-04-11T22:01:07.469995+00:00 GitLab Importer Affected by VCID-bnne-7p2q-eqd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-6.yml 38.3.0
2026-04-11T22:00:58.735183+00:00 GitLab Importer Affected by VCID-qb4j-9tz7-m7a2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2018-17960.yml 38.3.0
2026-04-11T21:58:27.883332+00:00 GitLab Importer Affected by VCID-3gg5-1921-rbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2018-14041.yml 38.3.0
2026-04-05T02:30:38.020721+00:00 GitLab Importer Affected by VCID-t1n7-eswt-73gw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23503.yml 38.1.0
2026-04-05T02:30:36.795531+00:00 GitLab Importer Affected by VCID-ve7g-8st5-wffb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23500.yml 38.1.0
2026-04-05T02:30:32.187588+00:00 GitLab Importer Affected by VCID-zdq2-dhb2-6kaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23501.yml 38.1.0
2026-04-05T02:21:45.874013+00:00 GitLab Importer Affected by VCID-b6er-h7dm-3bev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GMS-2022-4096.yml 38.1.0
2026-04-03T00:56:54.994590+00:00 GitLab Importer Affected by VCID-4t9s-p25a-cfas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47939.yml 38.1.0
2026-04-03T00:56:54.110300+00:00 GitLab Importer Affected by VCID-nubu-f1sc-gbes https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47937.yml 38.1.0
2026-04-03T00:56:48.079607+00:00 GitLab Importer Affected by VCID-65ue-7jd9-23gf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2025-47938.yml 38.1.0
2026-04-03T00:45:31.855753+00:00 GitLab Importer Affected by VCID-xy6y-312d-rygj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-55892.yml 38.1.0
2026-04-03T00:25:24.965303+00:00 GitLab Importer Affected by VCID-pss5-as4b-cyf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-xmgr-jff3-fcfv.yml 38.1.0
2026-04-03T00:25:24.617930+00:00 GitLab Importer Affected by VCID-hhmn-yz5p-xkap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-4ppr-jw47-9qm5.yml 38.1.0
2026-04-03T00:25:24.302601+00:00 GitLab Importer Affected by VCID-pmzz-9rws-4ud5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-x428-565f-8xj2.yml 38.1.0
2026-04-03T00:25:23.758991+00:00 GitLab Importer Affected by VCID-6xmj-wbea-r7ex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-29m4-mx89-3mjg.yml 38.1.0
2026-04-03T00:25:23.485153+00:00 GitLab Importer Affected by VCID-s53a-f91p-huf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-82vp-jr39-4j2j.yml 38.1.0
2026-04-03T00:25:23.145964+00:00 GitLab Importer Affected by VCID-swnc-ke6h-ekew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-6xwf-7rfm-4gwc.yml 38.1.0
2026-04-03T00:25:22.397367+00:00 GitLab Importer Affected by VCID-dmzb-gkdn-6bcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-g776-759r-pf6x.yml 38.1.0
2026-04-03T00:25:22.228181+00:00 GitLab Importer Affected by VCID-9zqs-hjay-fkev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-22q7-cg4r-p9mx.yml 38.1.0
2026-04-03T00:25:21.857412+00:00 GitLab Importer Affected by VCID-461j-9hrc-gfbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wj85-rg5g-v8jm.yml 38.1.0
2026-04-03T00:25:21.458375+00:00 GitLab Importer Affected by VCID-5z59-dn7p-xbc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-g4c9-qfvw-fmr4.yml 38.1.0
2026-04-03T00:25:20.913927+00:00 GitLab Importer Affected by VCID-21e8-x7mp-hugk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-f9hr-7cfq-mjg2.yml 38.1.0
2026-04-03T00:25:20.003027+00:00 GitLab Importer Affected by VCID-9x6r-56xm-n7h7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-rv8r-8mh5-5376.yml 38.1.0
2026-04-03T00:25:18.104093+00:00 GitLab Importer Affected by VCID-mh4f-vtfj-hbb1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-4459-qrcc-vfcf.yml 38.1.0
2026-04-03T00:25:17.821677+00:00 GitLab Importer Affected by VCID-f4bv-pzdy-dfcb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-p2h4-7fp3-cmh8.yml 38.1.0
2026-04-03T00:25:17.551973+00:00 GitLab Importer Affected by VCID-rwqs-3ktq-qqbd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-8c25-vj2w-p72j.yml 38.1.0
2026-04-03T00:25:16.289013+00:00 GitLab Importer Affected by VCID-yzx1-4psv-7bhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-76r3-m635-p3vc.yml 38.1.0
2026-04-03T00:25:14.518747+00:00 GitLab Importer Affected by VCID-5u4q-m66t-wqcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-95qm-3xp7-vfj5.yml 38.1.0
2026-04-03T00:25:13.562906+00:00 GitLab Importer Affected by VCID-e268-wagv-sbex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wg8h-gxf4-g4gh.yml 38.1.0
2026-04-03T00:25:13.263524+00:00 GitLab Importer Affected by VCID-tnjd-pyys-akav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-5h5v-m596-r6rf.yml 38.1.0
2026-04-03T00:25:12.381214+00:00 GitLab Importer Affected by VCID-a563-vtwa-hkbr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-66c2-7g4p-wx4p.yml 38.1.0
2026-04-03T00:25:12.095425+00:00 GitLab Importer Affected by VCID-nxq4-m52q-yuh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-wvvp-jwf5-qcpc.yml 38.1.0
2026-04-03T00:25:11.908088+00:00 GitLab Importer Affected by VCID-d99v-v9cj-zfh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-rxc9-f2x6-qh4w.yml 38.1.0
2026-04-03T00:25:11.640500+00:00 GitLab Importer Affected by VCID-n1cb-8py6-bbhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-ppvg-hw62-6ph9.yml 38.1.0
2026-04-03T00:23:24.586656+00:00 GitLab Importer Affected by VCID-8d2m-1ffv-jqe1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34356.yml 38.1.0
2026-04-03T00:23:14.789901+00:00 GitLab Importer Affected by VCID-zwgt-rm1f-6bf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34357.yml 38.1.0
2026-04-03T00:23:02.506738+00:00 GitLab Importer Affected by VCID-mud2-s4rc-fuf6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-34358.yml 38.1.0
2026-04-03T00:15:23.522394+00:00 GitLab Importer Affected by VCID-axvk-13qf-tka7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-22188.yml 38.1.0
2026-04-03T00:15:22.710852+00:00 GitLab Importer Affected by VCID-n7ng-zkkb-2qaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25120.yml 38.1.0
2026-04-03T00:15:21.474321+00:00 GitLab Importer Affected by VCID-taj6-zj2n-5kg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25121.yml 38.1.0
2026-04-03T00:15:20.445524+00:00 GitLab Importer Affected by VCID-g4uc-qeb6-myed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25119.yml 38.1.0
2026-04-03T00:15:19.382151+00:00 GitLab Importer Affected by VCID-gv1b-xtv4-4yg3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2024-25118.yml 38.1.0
2026-04-03T00:05:52.502020+00:00 GitLab Importer Affected by VCID-h6y3-7gsq-skh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2023-47127.yml 38.1.0
2026-04-02T23:43:27.701289+00:00 GitLab Importer Affected by VCID-vyvy-y3cw-hbgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2023-24814.yml 38.1.0
2026-04-02T23:40:06.263420+00:00 GitLab Importer Affected by VCID-w13x-3rp9-wyej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23504.yml 38.1.0
2026-04-02T23:31:29.242674+00:00 GitLab Importer Affected by VCID-mnz3-rj21-67ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-36105.yml 38.1.0
2026-04-02T23:31:27.789235+00:00 GitLab Importer Affected by VCID-5paq-5frf-43ed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-36107.yml 38.1.0
2026-04-02T23:27:10.858759+00:00 GitLab Importer Affected by VCID-remd-55jh-r3g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31050.yml 38.1.0
2026-04-02T23:27:04.025712+00:00 GitLab Importer Affected by VCID-e32h-8q61-hbgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31049.yml 38.1.0
2026-04-02T23:27:02.984725+00:00 GitLab Importer Affected by VCID-4jpa-6fqh-hbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31048.yml 38.1.0
2026-04-02T23:27:02.411351+00:00 GitLab Importer Affected by VCID-s55j-8hbt-akhn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31046.yml 38.1.0
2026-04-02T23:26:48.170264+00:00 GitLab Importer Affected by VCID-bajy-qbwq-fufn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31047.yml 38.1.0
2026-04-02T23:24:24.402561+00:00 GitLab Importer Affected by VCID-3n2r-awja-dug9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19850.yml 38.1.0
2026-04-02T23:22:43.550541+00:00 GitLab Importer Affected by VCID-zkea-ge1t-z7gn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-12748.yml 38.1.0
2026-04-02T23:22:39.407831+00:00 GitLab Importer Affected by VCID-9g62-zd1x-3bdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-12747.yml 38.1.0
2026-04-02T23:21:34.969764+00:00 GitLab Importer Affected by VCID-gcnj-6qb6-pbgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19848.yml 38.1.0
2026-04-02T23:20:09.937571+00:00 GitLab Importer Affected by VCID-xa4m-xpa9-v7h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19849.yml 38.1.0
2026-04-02T22:51:34.576623+00:00 GitLab Importer Affected by VCID-y32z-2d3f-gkgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32768.yml 38.1.0
2026-04-02T22:51:07.017455+00:00 GitLab Importer Affected by VCID-n15v-ta9h-6ffb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32767.yml 38.1.0
2026-04-02T22:51:04.771344+00:00 GitLab Importer Affected by VCID-s64f-x81f-b7ce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32668.yml 38.1.0
2026-04-02T22:51:03.788055+00:00 GitLab Importer Affected by VCID-ekfd-wp8z-d7e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32669.yml 38.1.0
2026-04-02T22:51:03.149588+00:00 GitLab Importer Affected by VCID-6a9t-8dmn-s3bv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32667.yml 38.1.0
2026-04-02T22:43:05.133383+00:00 GitLab Importer Affected by VCID-xh7y-56vy-5ud8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21355.yml 38.1.0
2026-04-02T22:43:03.777956+00:00 GitLab Importer Affected by VCID-dsu7-jjjq-f3e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21339.yml 38.1.0
2026-04-02T22:43:02.947066+00:00 GitLab Importer Affected by VCID-he5m-6wj4-rbhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21357.yml 38.1.0
2026-04-02T22:43:01.577776+00:00 GitLab Importer Affected by VCID-5jgb-dsyx-hyb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21338.yml 38.1.0
2026-04-02T22:42:58.599988+00:00 GitLab Importer Affected by VCID-t3jn-vwbx-u7cr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21370.yml 38.1.0
2026-04-02T22:42:55.129365+00:00 GitLab Importer Affected by VCID-d8d1-sat6-muhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21359.yml 38.1.0
2026-04-02T22:38:15.202122+00:00 GitLab Importer Affected by VCID-f963-qur3-2qb7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-26227.yml 38.1.0
2026-04-02T22:38:10.419945+00:00 GitLab Importer Affected by VCID-a49c-fqrj-nbb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-26228.yml 38.1.0
2026-04-02T22:29:41.298125+00:00 GitLab Importer Affected by VCID-phgh-sd4m-zbdx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-15099.yml 38.1.0
2026-04-02T22:29:40.561322+00:00 GitLab Importer Affected by VCID-sw7v-fbjk-13hy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-15098.yml 38.1.0
2026-04-02T22:27:07.494751+00:00 GitLab Importer Affected by VCID-2mn6-mdmz-4yd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11069.yml 38.1.0
2026-04-02T22:27:06.004832+00:00 GitLab Importer Affected by VCID-58js-jzm4-4fc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11066.yml 38.1.0
2026-04-02T22:27:04.908213+00:00 GitLab Importer Affected by VCID-5kzs-ex81-bbaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11067.yml 38.1.0
2026-04-02T22:27:02.573348+00:00 GitLab Importer Affected by VCID-543x-cnbz-1kb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11064.yml 38.1.0
2026-04-02T22:24:17.477328+00:00 GitLab Importer Affected by VCID-4mkw-tv16-jyca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-10912.yml 38.1.0
2026-04-02T22:19:32.719032+00:00 GitLab Importer Affected by VCID-2meq-x4kd-bbdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-5.yml 38.1.0
2026-04-02T22:19:32.124080+00:00 GitLab Importer Affected by VCID-cm14-t8uv-k3es https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-3.yml 38.1.0
2026-04-02T22:19:29.975384+00:00 GitLab Importer Affected by VCID-u9bx-8e86-wbew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-7.yml 38.1.0
2026-04-02T22:19:29.594194+00:00 GitLab Importer Affected by VCID-3v4n-fzxa-bfaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-4.yml 38.1.0
2026-04-02T22:19:28.654195+00:00 GitLab Importer Affected by VCID-stzu-sxe6-5yf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-1.yml 38.1.0
2026-04-02T22:19:28.403004+00:00 GitLab Importer Affected by VCID-xtdg-uj46-rkcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-6.yml 38.1.0
2026-04-02T22:19:28.026954+00:00 GitLab Importer Affected by VCID-vxry-uvph-kbfd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-2.yml 38.1.0
2026-04-02T22:18:03.845624+00:00 GitLab Importer Affected by VCID-9gpp-ez8w-rqav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-1.yml 38.1.0
2026-04-02T22:18:02.157057+00:00 GitLab Importer Affected by VCID-raxk-rm9v-hubn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-5.yml 38.1.0
2026-04-02T22:18:01.647314+00:00 GitLab Importer Affected by VCID-q8hy-wjd9-nbgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-3.yml 38.1.0
2026-04-02T22:18:01.023135+00:00 GitLab Importer Affected by VCID-eajg-ctpd-2bby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-2.yml 38.1.0
2026-04-02T22:18:00.794626+00:00 GitLab Importer Affected by VCID-kj9x-psfz-2ug1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-4.yml 38.1.0
2026-04-02T22:15:10.915880+00:00 GitLab Importer Affected by VCID-px44-19tj-h7aa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-6.yml 38.1.0
2026-04-02T22:15:10.698581+00:00 GitLab Importer Affected by VCID-axaf-45kr-kbfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-2.yml 38.1.0
2026-04-02T22:15:09.884546+00:00 GitLab Importer Affected by VCID-dj88-f3p8-cfbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-7.yml 38.1.0
2026-04-02T22:15:09.239192+00:00 GitLab Importer Affected by VCID-p715-yexd-jfgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-8.yml 38.1.0
2026-04-02T22:15:08.476652+00:00 GitLab Importer Affected by VCID-wea9-egep-h7g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-1.yml 38.1.0
2026-04-02T22:15:07.943187+00:00 GitLab Importer Affected by VCID-551q-gpyd-ffe8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-4.yml 38.1.0
2026-04-02T22:15:07.116987+00:00 GitLab Importer Affected by VCID-k8af-cg9k-87a9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-5.yml 38.1.0
2026-04-02T22:14:15.146849+00:00 GitLab Importer Affected by VCID-dm97-51uu-r7gw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-1.yml 38.1.0
2026-04-02T22:14:14.942030+00:00 GitLab Importer Affected by VCID-4btk-jt5n-2ugf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-8.yml 38.1.0
2026-04-02T22:14:14.140574+00:00 GitLab Importer Affected by VCID-rdrs-mhaw-b3ge https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-3.yml 38.1.0
2026-04-02T22:14:13.928492+00:00 GitLab Importer Affected by VCID-n78p-x7hh-gqcf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-5.yml 38.1.0
2026-04-02T22:14:13.266031+00:00 GitLab Importer Affected by VCID-tw1y-t4qj-j3d1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-2.yml 38.1.0
2026-04-02T22:14:11.856655+00:00 GitLab Importer Affected by VCID-zspb-bd6j-wyd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-4.yml 38.1.0
2026-04-02T22:14:10.751264+00:00 GitLab Importer Affected by VCID-bnne-7p2q-eqd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-6.yml 38.1.0
2026-04-02T22:14:01.099694+00:00 GitLab Importer Affected by VCID-qb4j-9tz7-m7a2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2018-17960.yml 38.1.0
2026-04-02T22:11:47.299908+00:00 GitLab Importer Affected by VCID-3gg5-1921-rbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2018-14041.yml 38.1.0
2026-04-01T18:06:21.159367+00:00 GitLab Importer Affected by VCID-vyvy-y3cw-hbgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2023-24814.yml 38.0.0
2026-04-01T18:02:36.229689+00:00 GitLab Importer Affected by VCID-w13x-3rp9-wyej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-23504.yml 38.0.0
2026-04-01T17:53:07.834598+00:00 GitLab Importer Affected by VCID-mnz3-rj21-67ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-36105.yml 38.0.0
2026-04-01T17:53:06.240287+00:00 GitLab Importer Affected by VCID-5paq-5frf-43ed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-36107.yml 38.0.0
2026-04-01T17:48:06.558123+00:00 GitLab Importer Affected by VCID-remd-55jh-r3g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31050.yml 38.0.0
2026-04-01T17:47:59.748989+00:00 GitLab Importer Affected by VCID-e32h-8q61-hbgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31049.yml 38.0.0
2026-04-01T17:47:58.754724+00:00 GitLab Importer Affected by VCID-4jpa-6fqh-hbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31048.yml 38.0.0
2026-04-01T17:47:58.147393+00:00 GitLab Importer Affected by VCID-s55j-8hbt-akhn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31046.yml 38.0.0
2026-04-01T17:47:42.519834+00:00 GitLab Importer Affected by VCID-bajy-qbwq-fufn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2022-31047.yml 38.0.0
2026-04-01T17:45:15.713612+00:00 GitLab Importer Affected by VCID-3n2r-awja-dug9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19850.yml 38.0.0
2026-04-01T17:43:46.248612+00:00 GitLab Importer Affected by VCID-zkea-ge1t-z7gn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-12748.yml 38.0.0
2026-04-01T17:43:40.326529+00:00 GitLab Importer Affected by VCID-9g62-zd1x-3bdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-12747.yml 38.0.0
2026-04-01T17:42:25.161821+00:00 GitLab Importer Affected by VCID-gcnj-6qb6-pbgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19848.yml 38.0.0
2026-04-01T17:40:44.956771+00:00 GitLab Importer Affected by VCID-xa4m-xpa9-v7h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-19849.yml 38.0.0
2026-04-01T17:09:39.744663+00:00 GitLab Importer Affected by VCID-y32z-2d3f-gkgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32768.yml 38.0.0
2026-04-01T17:09:09.532352+00:00 GitLab Importer Affected by VCID-n15v-ta9h-6ffb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32767.yml 38.0.0
2026-04-01T17:09:07.041007+00:00 GitLab Importer Affected by VCID-s64f-x81f-b7ce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32668.yml 38.0.0
2026-04-01T17:09:05.929598+00:00 GitLab Importer Affected by VCID-ekfd-wp8z-d7e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32669.yml 38.0.0
2026-04-01T17:09:05.286265+00:00 GitLab Importer Affected by VCID-6a9t-8dmn-s3bv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32667.yml 38.0.0
2026-04-01T17:00:47.708167+00:00 GitLab Importer Affected by VCID-xh7y-56vy-5ud8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21355.yml 38.0.0
2026-04-01T17:00:46.275229+00:00 GitLab Importer Affected by VCID-dsu7-jjjq-f3e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21339.yml 38.0.0
2026-04-01T17:00:45.371938+00:00 GitLab Importer Affected by VCID-he5m-6wj4-rbhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21357.yml 38.0.0
2026-04-01T17:00:43.932496+00:00 GitLab Importer Affected by VCID-5jgb-dsyx-hyb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21338.yml 38.0.0
2026-04-01T17:00:40.671704+00:00 GitLab Importer Affected by VCID-t3jn-vwbx-u7cr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21370.yml 38.0.0
2026-04-01T17:00:37.092706+00:00 GitLab Importer Affected by VCID-d8d1-sat6-muhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-21359.yml 38.0.0
2026-04-01T16:55:40.944088+00:00 GitLab Importer Affected by VCID-f963-qur3-2qb7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-26227.yml 38.0.0
2026-04-01T16:55:35.676756+00:00 GitLab Importer Affected by VCID-a49c-fqrj-nbb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-26228.yml 38.0.0
2026-04-01T16:47:48.341866+00:00 GitLab Importer Affected by VCID-phgh-sd4m-zbdx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-15099.yml 38.0.0
2026-04-01T16:47:47.546353+00:00 GitLab Importer Affected by VCID-sw7v-fbjk-13hy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-15098.yml 38.0.0
2026-04-01T16:45:06.972267+00:00 GitLab Importer Affected by VCID-2mn6-mdmz-4yd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11069.yml 38.0.0
2026-04-01T16:45:05.560894+00:00 GitLab Importer Affected by VCID-58js-jzm4-4fc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11066.yml 38.0.0
2026-04-01T16:45:04.145847+00:00 GitLab Importer Affected by VCID-5kzs-ex81-bbaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11067.yml 38.0.0
2026-04-01T16:45:00.914896+00:00 GitLab Importer Affected by VCID-543x-cnbz-1kb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-11064.yml 38.0.0
2026-04-01T16:42:07.651246+00:00 GitLab Importer Affected by VCID-4mkw-tv16-jyca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2019-10912.yml 38.0.0
2026-04-01T16:37:18.247838+00:00 GitLab Importer Affected by VCID-2meq-x4kd-bbdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-5.yml 38.0.0
2026-04-01T16:37:17.586554+00:00 GitLab Importer Affected by VCID-cm14-t8uv-k3es https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-3.yml 38.0.0
2026-04-01T16:37:17.322586+00:00 GitLab Importer Affected by VCID-u9bx-8e86-wbew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-7.yml 38.0.0
2026-04-01T16:37:16.928820+00:00 GitLab Importer Affected by VCID-3v4n-fzxa-bfaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-4.yml 38.0.0
2026-04-01T16:37:15.914475+00:00 GitLab Importer Affected by VCID-stzu-sxe6-5yf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-1.yml 38.0.0
2026-04-01T16:37:15.649520+00:00 GitLab Importer Affected by VCID-xtdg-uj46-rkcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-6.yml 38.0.0
2026-04-01T16:37:15.258656+00:00 GitLab Importer Affected by VCID-vxry-uvph-kbfd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-06-25-2.yml 38.0.0
2026-04-01T16:35:44.607429+00:00 GitLab Importer Affected by VCID-9gpp-ez8w-rqav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-1.yml 38.0.0
2026-04-01T16:35:42.704904+00:00 GitLab Importer Affected by VCID-raxk-rm9v-hubn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-5.yml 38.0.0
2026-04-01T16:35:42.176971+00:00 GitLab Importer Affected by VCID-q8hy-wjd9-nbgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-3.yml 38.0.0
2026-04-01T16:35:41.537290+00:00 GitLab Importer Affected by VCID-eajg-ctpd-2bby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-2.yml 38.0.0
2026-04-01T16:35:41.293229+00:00 GitLab Importer Affected by VCID-kj9x-psfz-2ug1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-05-07-4.yml 38.0.0
2026-04-01T16:32:44.010008+00:00 GitLab Importer Affected by VCID-px44-19tj-h7aa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-6.yml 38.0.0
2026-04-01T16:32:43.782266+00:00 GitLab Importer Affected by VCID-axaf-45kr-kbfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-2.yml 38.0.0
2026-04-01T16:32:42.936643+00:00 GitLab Importer Affected by VCID-dj88-f3p8-cfbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-7.yml 38.0.0
2026-04-01T16:32:42.259657+00:00 GitLab Importer Affected by VCID-p715-yexd-jfgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-8.yml 38.0.0
2026-04-01T16:32:41.446022+00:00 GitLab Importer Affected by VCID-wea9-egep-h7g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-1.yml 38.0.0
2026-04-01T16:32:40.874733+00:00 GitLab Importer Affected by VCID-551q-gpyd-ffe8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-4.yml 38.0.0
2026-04-01T16:32:40.013100+00:00 GitLab Importer Affected by VCID-k8af-cg9k-87a9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2019-01-22-5.yml 38.0.0
2026-04-01T16:31:44.602232+00:00 GitLab Importer Affected by VCID-dm97-51uu-r7gw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-1.yml 38.0.0
2026-04-01T16:31:44.374851+00:00 GitLab Importer Affected by VCID-4btk-jt5n-2ugf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-8.yml 38.0.0
2026-04-01T16:31:43.531525+00:00 GitLab Importer Affected by VCID-rdrs-mhaw-b3ge https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-3.yml 38.0.0
2026-04-01T16:31:43.319092+00:00 GitLab Importer Affected by VCID-n78p-x7hh-gqcf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-5.yml 38.0.0
2026-04-01T16:31:42.603886+00:00 GitLab Importer Affected by VCID-tw1y-t4qj-j3d1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-2.yml 38.0.0
2026-04-01T16:31:41.130311+00:00 GitLab Importer Affected by VCID-zspb-bd6j-wyd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-4.yml 38.0.0
2026-04-01T16:31:39.950264+00:00 GitLab Importer Affected by VCID-bnne-7p2q-eqd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/2018-12-11-6.yml 38.0.0
2026-04-01T16:31:31.392860+00:00 GitLab Importer Affected by VCID-qb4j-9tz7-m7a2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2018-17960.yml 38.0.0
2026-04-01T16:29:09.123275+00:00 GitLab Importer Affected by VCID-3gg5-1921-rbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2018-14041.yml 38.0.0