typo3/cms-core vulnerabilities

The core library of TYPO3.

Latest version: v9.5.27

Direct Vulnerabilities

Known vulnerabilities in the typo3/cms-core package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| L | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1,>=10.0.0, <10.4.14,<9.5.25 | Not available | 18 Mar, 2021 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1,>=10.0.0, <10.4.14 | Not available | 18 Mar, 2021 |
| M | Information Exposure | >=11.0.0, <11.1.1,>=10.0.0, <10.4.14,<9.5.25 | Not available | 18 Mar, 2021 |
| M | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1,>=10.2.0, <10.4.14 | Not available | 18 Mar, 2021 |
| M | Denial of Service (DoS) | >=11.0.0, <11.1.1,>=10.0.0, <10.4.14,>=9.0.0, <9.5.25 | Not available | 18 Mar, 2021 |
| H | Cross-site Scripting (XSS) | >=11.0.0, <11.1.1,>=10.0.0, <10.4.14,>=8.0.0, <9.5.25 | Not available | 18 Mar, 2021 |
| M | Open Redirect | >=11.0.0, <11.1.1,>=10.0.0, <10.4.14,<9.5.25 | Not available | 18 Mar, 2021 |
| H | Improper Input Validation | >=11.0.0, <11.1.1,>=10.0.0, <10.4.14,>=8.0.0, <9.5.25 | Not available | 18 Mar, 2021 |
| H | Privilege Escalation | >=9.0.0, <9.5.20,>=10.0.0, <10.4.6 | Not available | 28 Jul, 2020 |
| H | Information Exposure | >=9.0.0, <9.5.20,>=10.0.0, <10.4.6 | Not available | 28 Jul, 2020 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.4.2,>=9.0.0, <9.5.17 | Not available | 12 May, 2020 |
| H | Server-side Request Forgery (SSRF) | >=10.0.0, <10.4.2,>=9.0.0, <9.5.17 | Not available | 12 May, 2020 |
| L | Information Exposure | >=10.0.0, <10.4.2 | Not available | 12 May, 2020 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.4.2,>=9.0.0, <9.5.17 | Not available | 12 May, 2020 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.4.2,>=9.0.0, <9.5.17 | Not available | 12 May, 2020 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.4.2,>=9.0.0, <9.5.17 | Not available | 12 May, 2020 |
| M | SQL Injection | >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 | Not available | 18 Dec, 2019 |
| H | Deserialization of Untrusted Data | >=8.0.0, <8.7.30,>=9.0.0, <9.5.12 | Not available | 18 Dec, 2019 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 | Not available | 18 Dec, 2019 |
| M | Arbitrary File Write via Archive Extraction (Zip Slip) | >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 | Not available | 18 Dec, 2019 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 | Not available | 17 Dec, 2019 |
| M | Cross-site Scripting (XSS) | >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 | Not available | 17 Dec, 2019 |
| H | Deserialization of Untrusted Data | >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 | Not available | 17 Dec, 2019 |
| H | Arbitrary Code Execution | >=8.0.0, <8.7.27,>=9.0.0, <9.5.8 | Not available | 25 Jun, 2019 |
| H | Deserialization of Untrusted Data | >=8.0.0, <8.7.27,>=9.0.0, <9.5.8 | Not available | 25 Jun, 2019 |
| M | Cross-site Scripting (XSS) | >=8.3.0, <8.7.27,>=9.0.0, <9.5.8 | Not available | 25 Jun, 2019 |
| L | Session Fixation | >=8.0.0, <8.7.27,>=9.0.0, <9.5.8 | Not available | 25 Jun, 2019 |
| H | Arbitrary Code Execution | >=8.0.0, <8.7.25,>=9.0.0, <9.5.6 | Not available | 08 May, 2019 |
| M | Improper Access Control | >=8.0.0, <8.7.25,>=9.0.0, <9.5.6 | Not available | 08 May, 2019 |