Search for packages
Package details: pkg:composer/typo3/cms@7.6.11
purl pkg:composer/typo3/cms@7.6.11
Next non-vulnerable version 10.4.35
Latest non-vulnerable version 12.2.0
Risk
Vulnerabilities affecting this package (52)
Vulnerability Summary Fixed by
VCID-1d1x-7vx6-zbfw
Aliases:
CVE-2017-14251
GHSA-fh4q-hxrw-cjqq
TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
7.6.22
Affected by 31 other vulnerabilities.
8.7.5
Affected by 77 other vulnerabilities.
VCID-1txn-xjt1-37ha
Aliases:
2018-12-11-3
Cross-site Scripting Cross-Site Scripting in Frontend User Login.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-2m7w-zfua-u7b9
Aliases:
GHSA-g4pf-3jvq-2gcw
TYPO3 Remote Code Execution in third party library swiftmailer TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution.
7.6.15
Affected by 45 other vulnerabilities.
8.5.1
Affected by 94 other vulnerabilities.
VCID-4mfu-2wkc-ybbw
Aliases:
GHSA-8m6j-p5jv-v69w
TYPO3 Cross-Site Scripting in Online Media Asset Rendering Failing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-4zub-buj2-5kbh
Aliases:
GHSA-f3wf-q4fj-3gxf
TYPO3 Denial of Service in Online Media Asset Handling Online Media Asset Handling (*`.youtube` and *`.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-53bg-1gfq-7bap
Aliases:
2018-12-11-2
Cross-site Scripting Cross-Site Scripting in Backend Modal Component.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-58sc-bkhd-7ud1
Aliases:
2017-09-05-4
Code Injection Arbitrary Code Execution in TYPO3 CMS.
7.6.22
Affected by 31 other vulnerabilities.
8.7.0
Affected by 87 other vulnerabilities.
VCID-5m4k-jd3r-abaf
Aliases:
GHSA-gj48-w74w-8gvm
GMS-2024-342
Path Traversal in TYPO3 Core Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-7yn7-f2cw-ukfj
Aliases:
2018-12-11-6
Uncontrolled Resource Consumption Denial of Service in Online Media Asset Handling.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-7yrw-wj9m-hkd4
Aliases:
2017-02-28-2
Cross-site Scripting XSS in TYPO3 CMS.
7.6.16
Affected by 41 other vulnerabilities.
8.6.1
Affected by 88 other vulnerabilities.
VCID-8fkz-6kqu-gqbk
Aliases:
TYPO3-CORE-SA-2016-024
Path Traversal Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-8mc9-ye3u-c3aj
Aliases:
CVE-2019-19849
GHSA-rcgc-4xfc-564v
TYPO3 Insecure Deserialization in Query Generator & Query View An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
8.7.30
Affected by 16 other vulnerabilities.
9.5.12
Affected by 27 other vulnerabilities.
10.2.1
Affected by 41 other vulnerabilities.
10.2.2
Affected by 41 other vulnerabilities.
VCID-8re4-c6j8-hyfh
Aliases:
2018-12-11-7
Uncontrolled Resource Consumption Denial of Service in Frontend Record Registration.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.0.0
Affected by 95 other vulnerabilities.
VCID-a6c5-ytdy-3qh4
Aliases:
GHSA-5gr6-97fv-52cc
Cross-Site Scripting in TYPO3 CMS Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting.
7.6.16
Affected by 41 other vulnerabilities.
8.6.1
Affected by 88 other vulnerabilities.
VCID-brcm-16va-3yek
Aliases:
GHSA-c7p6-3c9c-f88q
Information Disclosure in TYPO3 CMS HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.
7.6.22
Affected by 31 other vulnerabilities.
8.7.5
Affected by 77 other vulnerabilities.
VCID-cnqq-fdxb-9uat
Aliases:
GHSA-c7rj-92xr-wprg
Insecure Unserialize in TYPO3 Backend Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-cvpr-b5np-6bcv
Aliases:
2018-07-12-1
Improper Authentication Authentication Bypass in TYPO3 CMS.
7.6.30
Affected by 26 other vulnerabilities.
8.7.17
Affected by 68 other vulnerabilities.
9.3.2
Affected by 84 other vulnerabilities.
VCID-d42j-347n-e7en
Aliases:
CVE-2021-21338
GHSA-4jhw-2p6j-5wmp
Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001)
7.6.51
Affected by 1 other vulnerability.
8.7.40
Affected by 3 other vulnerabilities.
9.5.25
Affected by 12 other vulnerabilities.
10.4.14
Affected by 22 other vulnerabilities.
11.1.1
Affected by 23 other vulnerabilities.
VCID-e5ns-2x1v-sbaj
Aliases:
TYPO3-CORE-SA-2016-023
Insecure Unserialize in TYPO3 Backend Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-ekj9-nhu4-93cc
Aliases:
CVE-2021-21370
GHSA-x7hc-x7fm-f7qh
Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)
7.6.51
Affected by 1 other vulnerability.
8.7.40
Affected by 3 other vulnerabilities.
9.5.25
Affected by 12 other vulnerabilities.
10.4.14
Affected by 22 other vulnerabilities.
11.1.1
Affected by 23 other vulnerabilities.
VCID-fhr8-f4h5-6ffx
Aliases:
GHSA-7q33-hxwj-7p8v
TYPO3 Cross-Site Scripting in Backend Modal Component Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-fj4s-fcy4-2fcj
Aliases:
2018-12-11-1
Cross-site Scripting Cross-Site Scripting in Online Media Asset Rendering.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-fru4-hjhx-47ev
Aliases:
TYPO3-CORE-SA-2017-006
Information Disclosure HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.
7.6.22
Affected by 31 other vulnerabilities.
8.7.5
Affected by 77 other vulnerabilities.
VCID-hdsj-ya24-9uhk
Aliases:
GHSA-g585-crjf-vhwq
TYPO3 Denial of Service in Frontend Record Registration TYPO3’s built-in record registration functionality (aka `basic shopping cart`) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
VCID-heyp-4b45-v7gp
Aliases:
2016-11-22-1
Insecure Deserialization Insecure Unserialize in TYPO3 Backend.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-hg6g-kn76-bfbh
Aliases:
CVE-2019-19848
GHSA-77p4-wfr8-977w
TYPO3 Directory Traversal on ZIP extraction An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
8.7.30
Affected by 16 other vulnerabilities.
9.5.12
Affected by 27 other vulnerabilities.
10.2.2
Affected by 41 other vulnerabilities.
VCID-hrjb-bbbx-1kbq
Aliases:
2018-12-11-5
Information Disclosure in Install Tool.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-htsn-wq8h-qbgp
Aliases:
2017-01-03-1
Code Injection Remote Code Execution in third party library swiftmailer.
7.6.15
Affected by 45 other vulnerabilities.
8.5.0
Affected by 95 other vulnerabilities.
VCID-hwcz-r4cu-9fba
Aliases:
TYPO3-CORE-SA-2017-003
XSS Vulnerability TYPO3 is vulnerable to Cross-Site Scripting.
7.6.16
Affected by 41 other vulnerabilities.
8.6.1
Affected by 88 other vulnerabilities.
VCID-jtuy-ex79-tfbu
Aliases:
CVE-2018-6905
GHSA-3w22-wrwx-2r75
Typo3 XSS Vulnerability The page module in TYPO3 before 8.7.11 has XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.
8.7.11
Affected by 76 other vulnerabilities.
9.1.0
Affected by 92 other vulnerabilities.
9.2.0
Affected by 92 other vulnerabilities.
VCID-kh9n-kuvd-pbat
Aliases:
CVE-2022-23501
GHSA-jfp7-79g7-89rf
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login ### Problem Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. ### Solution Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above. ### References * [TYPO3-CORE-SA-2022-013](https://typo3.org/security/advisory/typo3-core-sa-2022-013)
10.4.33
Affected by 1 other vulnerability.
11.5.20
Affected by 1 other vulnerability.
12.1.1
Affected by 1 other vulnerability.
VCID-mf9a-exme-b3ca
Aliases:
GHSA-6f9m-v7mp-7jjq
Authentication Bypass in TYPO3 CMS It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.
7.6.30
Affected by 26 other vulnerabilities.
8.7.17
Affected by 68 other vulnerabilities.
9.3.2
Affected by 84 other vulnerabilities.
VCID-mgtw-94ks-a7du
Aliases:
GHSA-f777-f784-36gm
TYPO3 Security Misconfiguration in Install Tool Cookie It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-mpuk-6hdb-sqh7
Aliases:
GHSA-6487-3qvg-8px9
TYPO3 Information Disclosure in Install Tool The Install Tool exposes the current TYPO3 version number to non-authenticated users.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-n7ha-dtwq-xqf9
Aliases:
2018-07-12-2
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.
7.6.30
Affected by 26 other vulnerabilities.
8.7.17
Affected by 68 other vulnerabilities.
9.3.2
Affected by 84 other vulnerabilities.
VCID-q2ch-qd6x-vqeu
Aliases:
CVE-2022-31047
GHSA-fh99-4pgr-8j99
Insertion of Sensitive Information into Log File in typo3/cms-core > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace. ### Solution Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. ### Credits Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
10.4.29
Affected by 12 other vulnerabilities.
11.5.11
Affected by 13 other vulnerabilities.
VCID-rmnv-emnu-6bfy
Aliases:
CVE-2021-32767
GHSA-34fr-fhqr-7235
Information Disclosure in User Authentication > ### Meta > * CVSS: `AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that user credentials have been logged as plaintext when explicitly using log level debug, which is not the _default_ configuration. ### Solution Update to TYPO3 versions 7.6.52 ELTS, 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described. ### Credits Thanks to Ingo Schmitt who reported this issue, and to TYPO3 core & security team member Benni Mack who fixed the issue. ### References * [TYPO3-CORE-SA-2021-012](https://typo3.org/security/advisory/typo3-core-sa-2021-012)
9.5.28
Affected by 10 other vulnerabilities.
10.4.18
Affected by 18 other vulnerabilities.
11.3.1
Affected by 20 other vulnerabilities.
VCID-rtd6-q7tg-ykfh
Aliases:
CVE-2020-26227
GHSA-vqqx-jw6p-q3rf
Cross-Site Scripting in Fluid view helpers > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7) > * CWE-79 ### Problem It has been discovered that system extension Fluid (`typo3/cms-fluid`) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. ``` <f:form ... fieldNamePrefix="{payload}" /> <f:be.labels.csh ... label="{payload}" /> <f:be.menus.actionMenu ... label="{payload}" /> ``` ### Solution Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 security team members Helmut Hummel & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2020-010](https://typo3.org/security/advisory/typo3-core-sa-2020-010)
8.0.0
Affected by 122 other vulnerabilities.
8.7.38
Affected by 0 other vulnerabilities.
9.5.23
Affected by 18 other vulnerabilities.
10.4.10
Affected by 30 other vulnerabilities.
VCID-scue-m12x-nkf4
Aliases:
2017-09-05-3
Information Disclosure in TYPO3 CMS.
7.6.22
Affected by 31 other vulnerabilities.
8.7.0
Affected by 87 other vulnerabilities.
VCID-tvq8-qbwc-qkfs
Aliases:
CVE-2021-32768
GHSA-c5c9-8c6m-727v
Cross-Site Scripting via Rich-Text Content > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.7) ### Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality _[HTMLparser](https://docs.typo3.org/m/typo3/reference-typoscript/10.4/en-us/Functions/Htmlparser.html)_ do not consider all potentially malicious HTML tag & attribute combinations per default. In addition, the lack of comprehensive default node configuration for rich-text fields in the backend user interface fosters this malfunction. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. ### Solution Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described above. Custom package _[typo3/html-sanitizer](https://github.com/TYPO3/html-sanitizer)_ - based on allow-lists only - takes care of sanitizing potentially malicious markup. The default behavior is based on safe and commonly used markup - however, this can be extended or restricted further in case it is necessary for individual scenarios. During the frontend rendering process, sanitization is applied to the default TypoScript path `lib.parseFunc`, which is implicitly used by the Fluid view-helper instruction `f:format.html`. Rich-text data persisted using the backend user interface is sanitized as well. Implementation details are explained in corresponding [ChangeLog documentation](https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Important-94484-IntroduceHTMLSanitizer.html). ### Credits Thanks to Benjamin Stiber, Gert-Jan Jansma, Gábor Ács-Kurucz, Alexander Kellner, Richie Lee, Nina Rösch who reported this issue, and to TYPO3 security team member Oliver Hader, as well as TYPO3 contributor Susanne Moog who fixed the issue. ### References * [TYPO3-CORE-SA-2021-013](https://typo3.org/security/advisory/typo3-core-sa-2021-013)
7.6.53
Affected by 0 other vulnerabilities.
8.7.42
Affected by 0 other vulnerabilities.
9.5.29
Affected by 7 other vulnerabilities.
10.4.19
Affected by 17 other vulnerabilities.
11.3.2
Affected by 19 other vulnerabilities.
VCID-u6ar-3wzb-u3eg
Aliases:
GHSA-g46h-v2cc-6c94
Information Disclosure in TYPO3 CMS Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.
7.6.22
Affected by 31 other vulnerabilities.
8.7.5
Affected by 77 other vulnerabilities.
VCID-ukvt-pj2t-9kcq
Aliases:
GHSA-2rcw-9hrm-8q7q
TYPO3 Cross-Site Scripting in Frontend User Login Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template patterns that are affected are - ###FEUSER_[fieldName]### using system extension felogin - <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-v83x-2hx7-yycg
Aliases:
CVE-2021-21339
GHSA-qx3w-4864-94ch
Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006)
7.6.51
Affected by 1 other vulnerability.
8.7.40
Affected by 3 other vulnerabilities.
9.5.25
Affected by 12 other vulnerabilities.
10.4.14
Affected by 22 other vulnerabilities.
11.1.1
Affected by 23 other vulnerabilities.
VCID-vftm-uyy7-63fb
Aliases:
2017-09-05-2
Information Disclosure in TYPO3 CMS.
7.6.22
Affected by 31 other vulnerabilities.
8.7.0
Affected by 87 other vulnerabilities.
VCID-vyhd-x5fe-b3aj
Aliases:
TYPO3-CORE-SA-2017-005
Information Disclosure Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.
7.6.22
Affected by 31 other vulnerabilities.
8.7.5
Affected by 77 other vulnerabilities.
VCID-w2hv-ftte-fyd1
Aliases:
CVE-2022-36107
GHSA-9c6w-55cp-5w25
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0) ### Problem It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009) * [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days)
10.4.32
Affected by 7 other vulnerabilities.
11.5.16
Affected by 7 other vulnerabilities.
VCID-w2qy-69nb-5ke5
Aliases:
GHSA-ppgf-8745-8pgx
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far.
7.6.30
Affected by 26 other vulnerabilities.
8.7.17
Affected by 68 other vulnerabilities.
9.3.2
Affected by 84 other vulnerabilities.
VCID-xg9s-8fv2-87hq
Aliases:
GHSA-67wg-6j7r-mqh8
Arbitrary Code Execution in TYPO3 CMS Due to a missing file extension in the fileDenyPattern, backend user are allowed to upload *.pht files which can be executed in certain web server setups. The new default fileDenyPattern is the following, which might have been overridden in the TYPO3 Install Tool. ``` \.(php[3-7]?|phpsh|phtml|pht)(\..*)?$|^\.htaccess$ ```
7.6.22
Affected by 31 other vulnerabilities.
8.7.5
Affected by 77 other vulnerabilities.
VCID-xsd3-6zyc-j7dg
Aliases:
2018-12-11-4
Security Misconfiguration in Install Tool Cookie.
7.6.32
Affected by 12 other vulnerabilities.
8.7.21
Affected by 51 other vulnerabilities.
9.5.2
Affected by 69 other vulnerabilities.
VCID-xww9-ktn9-e3ga
Aliases:
CVE-2022-36105
GHSA-m392-235j-9r7r
TYPO3 CMS vulnerable to User Enumeration via Response Timing > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007) * [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days)
10.4.32
Affected by 7 other vulnerabilities.
11.5.16
Affected by 7 other vulnerabilities.
VCID-y15u-f9e9-akff
Aliases:
2016-11-22-2
Path Traversal in TYPO3 Core.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-yz56-gs5x-hudr
Aliases:
TYPO3-CORE-SA-2017-007
Arbitrary Code Execution Due to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.
7.6.22
Affected by 31 other vulnerabilities.
8.7.5
Affected by 77 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-bd6u-nca5-gyeu Cross-Site Scripting (XSS) in TYPO3 Backend Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability. GHSA-hq37-rfjc-mr8h
VCID-f6sb-d831-u3fh Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability. TYPO3-CORE-SA-2016-021
VCID-gb7f-4sm6-tkaw Uncontrolled Resource Consumption Cache Flooding in TYPO3 Frontend. 2016-09-14-2
VCID-ky6n-ka2n-ayhu Cache Flooding in Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack. TYPO3-CORE-SA-2016-022
VCID-t352-87cy-4qhm Cache Flooding in TYPO3 Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack. GHSA-pw2q-qwvj-gh43
VCID-t7fe-ph2m-j3e5 Cross-site Scripting XSS in TYPO3 Backend. 2016-09-14-1

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T19:07:34.037606+00:00 GitLab Importer Affected by VCID-mgtw-94ks-a7du https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-f777-f784-36gm.yml 37.0.0
2025-07-03T19:07:33.217774+00:00 GitLab Importer Affected by VCID-hdsj-ya24-9uhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-g585-crjf-vhwq.yml 37.0.0
2025-07-03T19:07:32.263351+00:00 GitLab Importer Affected by VCID-fhr8-f4h5-6ffx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-7q33-hxwj-7p8v.yml 37.0.0
2025-07-03T19:07:30.765050+00:00 GitLab Importer Affected by VCID-mpuk-6hdb-sqh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-6487-3qvg-8px9.yml 37.0.0
2025-07-03T19:07:27.034926+00:00 GitLab Importer Affected by VCID-4zub-buj2-5kbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-f3wf-q4fj-3gxf.yml 37.0.0
2025-07-03T19:07:26.528810+00:00 GitLab Importer Affected by VCID-4mfu-2wkc-ybbw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-8m6j-p5jv-v69w.yml 37.0.0
2025-07-03T19:07:25.763875+00:00 GitLab Importer Affected by VCID-ukvt-pj2t-9kcq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-2rcw-9hrm-8q7q.yml 37.0.0
2025-07-03T19:07:07.637483+00:00 GitLab Importer Fixing VCID-bd6u-nca5-gyeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-hq37-rfjc-mr8h.yml 37.0.0
2025-07-03T19:07:07.117994+00:00 GitLab Importer Fixing VCID-t352-87cy-4qhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-pw2q-qwvj-gh43.yml 37.0.0
2025-07-03T19:07:03.963386+00:00 GitLab Importer Affected by VCID-cnqq-fdxb-9uat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-c7rj-92xr-wprg.yml 37.0.0
2025-07-03T19:07:03.426190+00:00 GitLab Importer Affected by VCID-w2qy-69nb-5ke5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-ppgf-8745-8pgx.yml 37.0.0
2025-07-03T19:07:01.312762+00:00 GitLab Importer Affected by VCID-2m7w-zfua-u7b9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-g4pf-3jvq-2gcw.yml 37.0.0
2025-07-03T19:07:00.685297+00:00 GitLab Importer Affected by VCID-u6ar-3wzb-u3eg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-g46h-v2cc-6c94.yml 37.0.0
2025-07-03T19:07:00.226201+00:00 GitLab Importer Affected by VCID-xg9s-8fv2-87hq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-67wg-6j7r-mqh8.yml 37.0.0
2025-07-03T19:06:58.736647+00:00 GitLab Importer Affected by VCID-brcm-16va-3yek https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-c7p6-3c9c-f88q.yml 37.0.0
2025-07-03T19:06:58.089954+00:00 GitLab Importer Affected by VCID-a6c5-ytdy-3qh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-5gr6-97fv-52cc.yml 37.0.0
2025-07-03T19:06:57.360635+00:00 GitLab Importer Affected by VCID-mf9a-exme-b3ca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-6f9m-v7mp-7jjq.yml 37.0.0
2025-07-03T18:59:55.929668+00:00 GitLab Importer Affected by VCID-5m4k-jd3r-abaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-gj48-w74w-8gvm.yml 37.0.0
2025-07-03T18:59:53.803439+00:00 GitLab Importer Affected by VCID-5m4k-jd3r-abaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GMS-2024-342.yml 37.0.0
2025-07-03T18:36:13.705374+00:00 GitLab Importer Affected by VCID-kh9n-kuvd-pbat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2022-23501.yml 37.0.0
2025-07-03T18:30:22.064947+00:00 GitLab Importer Affected by VCID-w2hv-ftte-fyd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2022-36107.yml 37.0.0
2025-07-03T18:30:20.101535+00:00 GitLab Importer Affected by VCID-xww9-ktn9-e3ga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2022-36105.yml 37.0.0
2025-07-03T18:25:47.279597+00:00 GitLab Importer Affected by VCID-q2ch-qd6x-vqeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2022-31047.yml 37.0.0
2025-07-03T18:02:44.349439+00:00 GitLab Importer Affected by VCID-tvq8-qbwc-qkfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-32768.yml 37.0.0
2025-07-03T18:02:18.323600+00:00 GitLab Importer Affected by VCID-rmnv-emnu-6bfy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-32767.yml 37.0.0
2025-07-03T17:56:43.273713+00:00 GitLab Importer Affected by VCID-d42j-347n-e7en https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21338.yml 37.0.0
2025-07-03T17:56:28.129122+00:00 GitLab Importer Affected by VCID-ekj9-nhu4-93cc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21370.yml 37.0.0
2025-07-03T17:56:26.102730+00:00 GitLab Importer Affected by VCID-v83x-2hx7-yycg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21339.yml 37.0.0
2025-07-03T17:52:31.201357+00:00 GitLab Importer Affected by VCID-rtd6-q7tg-ykfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2020-26227.yml 37.0.0
2025-07-03T17:37:57.457269+00:00 GitLab Importer Affected by VCID-8mc9-ye3u-c3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2019-19849.yml 37.0.0
2025-07-03T17:37:55.990335+00:00 GitLab Importer Affected by VCID-hg6g-kn76-bfbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2019-19848.yml 37.0.0
2025-07-03T17:30:48.057749+00:00 GitLab Importer Affected by VCID-xsd3-6zyc-j7dg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-12-11-4.yml 37.0.0
2025-07-03T17:30:47.753383+00:00 GitLab Importer Affected by VCID-7yn7-f2cw-ukfj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-12-11-6.yml 37.0.0
2025-07-03T17:30:46.792474+00:00 GitLab Importer Affected by VCID-8re4-c6j8-hyfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-12-11-7.yml 37.0.0
2025-07-03T17:30:46.097310+00:00 GitLab Importer Affected by VCID-53bg-1gfq-7bap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-12-11-2.yml 37.0.0
2025-07-03T17:30:45.609653+00:00 GitLab Importer Affected by VCID-fj4s-fcy4-2fcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-12-11-1.yml 37.0.0
2025-07-03T17:30:45.305873+00:00 GitLab Importer Affected by VCID-hrjb-bbbx-1kbq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-12-11-5.yml 37.0.0
2025-07-03T17:30:44.540262+00:00 GitLab Importer Affected by VCID-1txn-xjt1-37ha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-12-11-3.yml 37.0.0
2025-07-03T17:27:56.014961+00:00 GitLab Importer Affected by VCID-cvpr-b5np-6bcv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-07-12-1.yml 37.0.0
2025-07-03T17:27:54.321234+00:00 GitLab Importer Affected by VCID-n7ha-dtwq-xqf9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2018-07-12-2.yml 37.0.0
2025-07-03T17:23:52.053390+00:00 GitLab Importer Affected by VCID-jtuy-ex79-tfbu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2018-6905.yml 37.0.0
2025-07-03T17:20:14.244612+00:00 GitLab Importer Affected by VCID-1d1x-7vx6-zbfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml 37.0.0
2025-07-03T17:20:08.048395+00:00 GitLab Importer Affected by VCID-58sc-bkhd-7ud1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-4.yml 37.0.0
2025-07-03T17:20:07.834690+00:00 GitLab Importer Affected by VCID-scue-m12x-nkf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-3.yml 37.0.0
2025-07-03T17:20:07.520324+00:00 GitLab Importer Affected by VCID-vftm-uyy7-63fb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-2.yml 37.0.0
2025-07-03T17:20:07.292500+00:00 GitLab Importer Affected by VCID-vyhd-x5fe-b3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-005.yml 37.0.0
2025-07-03T17:20:06.894454+00:00 GitLab Importer Affected by VCID-fru4-hjhx-47ev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-006.yml 37.0.0
2025-07-03T17:20:06.665232+00:00 GitLab Importer Affected by VCID-yz56-gs5x-hudr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-007.yml 37.0.0
2025-07-03T17:18:30.519916+00:00 GitLab Importer Affected by VCID-hwcz-r4cu-9fba https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-003.yml 37.0.0
2025-07-03T17:18:29.872711+00:00 GitLab Importer Affected by VCID-7yrw-wj9m-hkd4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-02-28-2.yml 37.0.0
2025-07-03T17:18:15.268318+00:00 GitLab Importer Affected by VCID-htsn-wq8h-qbgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-01-03-1.yml 37.0.0
2025-07-03T17:16:33.328788+00:00 GitLab Importer Affected by VCID-heyp-4b45-v7gp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-11-22-1.yml 37.0.0
2025-07-03T17:16:33.029916+00:00 GitLab Importer Affected by VCID-y15u-f9e9-akff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-11-22-2.yml 37.0.0
2025-07-03T17:16:32.728792+00:00 GitLab Importer Affected by VCID-8fkz-6kqu-gqbk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-024.yml 37.0.0
2025-07-03T17:16:32.440134+00:00 GitLab Importer Affected by VCID-e5ns-2x1v-sbaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-023.yml 37.0.0
2025-07-03T13:56:52.848708+00:00 GitLab Importer Fixing VCID-bd6u-nca5-gyeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-hq37-rfjc-mr8h.yml 36.1.3
2025-07-03T13:56:52.785688+00:00 GitLab Importer Fixing VCID-t352-87cy-4qhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-pw2q-qwvj-gh43.yml 36.1.3
2025-07-01T18:10:15.746803+00:00 GitLab Importer Fixing VCID-f6sb-d831-u3fh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-021.yml 36.1.3
2025-07-01T18:10:15.720220+00:00 GitLab Importer Fixing VCID-ky6n-ka2n-ayhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-022.yml 36.1.3
2025-07-01T18:10:14.303799+00:00 GitLab Importer Fixing VCID-gb7f-4sm6-tkaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-09-14-2.yml 36.1.3
2025-07-01T18:10:14.268779+00:00 GitLab Importer Fixing VCID-t7fe-ph2m-j3e5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-09-14-1.yml 36.1.3
2025-07-01T14:35:06.186590+00:00 GHSA Importer Fixing VCID-t352-87cy-4qhm https://github.com/advisories/GHSA-pw2q-qwvj-gh43 36.1.3
2025-07-01T14:35:05.712830+00:00 GHSA Importer Fixing VCID-bd6u-nca5-gyeu https://github.com/advisories/GHSA-hq37-rfjc-mr8h 36.1.3
2025-07-01T12:11:03.654336+00:00 GithubOSV Importer Fixing VCID-bd6u-nca5-gyeu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-hq37-rfjc-mr8h/GHSA-hq37-rfjc-mr8h.json 36.1.3
2025-07-01T12:11:02.534541+00:00 GithubOSV Importer Fixing VCID-t352-87cy-4qhm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-pw2q-qwvj-gh43/GHSA-pw2q-qwvj-gh43.json 36.1.3