CVE security advisories and vulnerability history for typo3.cms by typo3.
87
Total CVEs
Published
0
In CISA KEV
Exploited in the wild
3
Public exploits
With known exploit
5.7
Avg CVSS
2017–2025
Last updated
Overview
typo3 typo3.cms has 87 published CVE records since 2017, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 3 have a known public exploit. The average CVSS base score across scored CVEs is 5.7.
This page aggregates every publicly disclosed vulnerability (CVE) affecting typo3 typo3.cms, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of typo3 typo3.cms's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical0
High16
Medium54
Low9
8 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of typo3 typo3.cms's CVEs are currently listed in CISA's KEV catalog.
Public exploits
3
3 of typo3 typo3.cms's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every typo3 typo3.cms version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about typo3 typo3.cms vulnerabilities.
How many CVEs does typo3 typo3.cms have?
typo3 typo3.cms has 87 published CVE records since 2017.
How many typo3 typo3.cms CVEs are in CISA KEV?
None of typo3 typo3.cms's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for typo3 typo3.cms vulnerabilities?
Yes — 3 of typo3 typo3.cms's CVEs have a known public exploit.
Which versions of typo3 typo3.cms are affected?
451 distinct typo3 typo3.cms versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in typo3 typo3.cms CVEs?
typo3 typo3.cms's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-749 (Exposed Dangerous Method or Function), CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')).
What is the average severity of typo3 typo3.cms CVEs?
The average CVSS base score across typo3 typo3.cms's scored CVEs is 5.7.
