Synced 17 Jun 2026 22:27 UTC Account
← TYPO3

TYPO3 vulnerabilities: known CVEs & security history

TYPO3 · CMS · 473 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all TYPO3 release lines — 473 in total. A CVE here doesn't mean your version is affected — check TYPO3's current status and the safe version to run.

473
known CVEs
0
actively exploited (KEV)
2
critical severity
0
ransomware-linked

Known TYPO3 CVEs

Actively-exploited and most-severe first. Showing the top 80 of 473. Open any CVE for full details.

CVESeverityCVSSEPSSYear
CVE-2011-3583 critical 9.8 1% 2019
CVE-2011-4628 critical 9.8 2% 2019
CVE-2013-6288 high 10 2% 2013
CVE-2013-5303 high 10 2% 2013
CVE-2010-4953 high 10 3% 2011
CVE-2010-4889 high 10 2% 2011
CVE-2009-4952 high 10 3% 2010
CVE-2009-3819 high 10 2% 2009
CVE-2009-3818 high 10 1% 2009
CVE-2009-0258 high 10 3% 2009
CVE-2025-59017 high 8.8 0% 2025
CVE-2023-24814 high 8.8 1% 2023
CVE-2021-41113 high 8.8 1% 2021
CVE-2020-15098 high 8.8 2% 2020
CVE-2020-11067 high 8.8 2% 2020
CVE-2019-19849 high 8.8 1% 2019
CVE-2010-3663 high 8.8 2% 2019
CVE-2010-3662 high 8.8 1% 2019
CVE-2019-12747 high 8.8 2% 2019
CVE-2017-14251 high 8.8 2% 2017
CVE-2020-11066 high 8.7 1% 2020
CVE-2021-21355 high 8.6 2% 2021
CVE-2009-3631 high 8.5 3% 2009
CVE-2021-21357 high 8.3 2% 2021
CVE-2025-59022 high 8.1 0% 2026
CVE-2020-26228 high 8.1 1% 2020
CVE-2020-15099 high 8.1 2% 2020
CVE-2016-5091 high 8.1 3% 2017
CVE-2024-55924 high 8 0% 2025
CVE-2020-11069 high 8 1% 2020
CVE-2026-0859 high 7.8 0% 2026
CVE-2010-0323 high 7.8 1% 2010
CVE-2008-6630 high 7.8 2% 2009
CVE-2026-6553 high 7.5 0% 2026
CVE-2024-55921 high 7.5 0% 2025
CVE-2022-23503 high 7.5 1% 2022
CVE-2010-3668 high 7.5 1% 2019
CVE-2019-11832 high 7.5 4% 2019
CVE-2014-9509 high 7.5 1% 2015
CVE-2013-5569 high 7.5 1% 2013
CVE-2013-5322 high 7.5 1% 2013
CVE-2013-5310 high 7.5 1% 2013
CVE-2013-5306 high 7.5 1% 2013
CVE-2013-5304 high 7.5 1% 2013
CVE-2013-5302 high 7.5 1% 2013
CVE-2013-4870 high 7.5 1% 2013
CVE-2013-4748 high 7.5 1% 2013
CVE-2013-4745 high 7.5 1% 2013
CVE-2013-4721 high 7.5 1% 2013
CVE-2013-4720 high 7.5 1% 2013
CVE-2013-4719 high 7.5 1% 2013
CVE-2013-4683 high 7.5 1% 2013
CVE-2013-4682 high 7.5 1% 2013
CVE-2013-4681 high 7.5 1% 2013
CVE-2013-4634 high 7.5 1% 2013
CVE-2013-1842 high 7.5 3% 2013
CVE-2012-1077 high 7.5 1% 2012
CVE-2012-1075 high 7.5 1% 2012
CVE-2012-1074 high 7.5 1% 2012
CVE-2012-1072 high 7.5 1% 2012
CVE-2012-1071 high 7.5 1% 2012
CVE-2010-4962 high 7.5 2% 2011
CVE-2010-4961 high 7.5 1% 2011
CVE-2010-4957 high 7.5 1% 2011
CVE-2010-4952 high 7.5 1% 2011
CVE-2010-4950 high 7.5 1% 2011
CVE-2010-4891 high 7.5 1% 2011
CVE-2010-4888 high 7.5 1% 2011
CVE-2010-4887 high 7.5 1% 2011
CVE-2011-3980 high 7.5 1% 2011
CVE-2011-1722 high 7.5 1% 2011
CVE-2010-3604 high 7.5 1% 2010
CVE-2009-4971 high 7.5 1% 2010
CVE-2009-4970 high 7.5 1% 2010
CVE-2009-4969 high 7.5 1% 2010
CVE-2009-4968 high 7.5 1% 2010
CVE-2009-4967 high 7.5 1% 2010
CVE-2009-4966 high 7.5 1% 2010
CVE-2009-4965 high 7.5 1% 2010
CVE-2009-4959 high 7.5 1% 2010

393 older / lower-severity CVEs not shown — see TYPO3's full record.

Is my TYPO3 version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your TYPO3 version → · Monitor TYPO3 for new CVEs →

TYPO3 vulnerabilities — frequently asked

How many known vulnerabilities does TYPO3 have?

IsItPatched tracks 473 CVEs for TYPO3. 2 are critical-severity and 191 high-severity. These span every release line — what matters is whether the version you run is affected.

Does TYPO3 have any actively-exploited vulnerabilities?

None of TYPO3's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe TYPO3 vulnerability?

Among tracked issues, CVE-2011-3583 (CRITICAL, CVSS 9.8) ranks highest — a SQL injection weakness.

Is TYPO3 safe to use?

It depends on the version. The latest supported TYPO3 release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: TYPO3 security status · TYPO3 end-of-life · actively-exploited CVEs. Always verify against TYPO3's advisories — see our disclaimer.