Aikido Intel
Secure My Code
Package Health

typo3/cms-backend

TYPO3 CMS backend

Latest v14.3.4PackagistPackagist

100%

Total Score

Dependencies
Dependencies
Evaluates the health and security of package dependencies

100

Maturity
Maturity
Indicates package age, release frequency, and adoption metrics

100

Supply Chain
Supply Chain
Evaluates supply chain security practices and risks

100

Are you affected? Scan for Free

Vulnerabilities

TitleVersionsSeverity
CVE-2026-6553
typo3/cms-backend is vulnerable to Cleartext Storage of Sensitive Information in versions 14.2.0 - 14.2.0.
14.2.0 - 14.2.0
CVE-2025-59020
typo3/cms-backend is vulnerable to Incorrect Authorization in versions 14.0.0 - 14.0.1, 13.0.0 - 13.4.22, 12.0.0 - 12.4.40, 11.0.0 - 11.5.48 and 10.0.0 - 10.4.54.
10.0.0 - 10.4.5411.0.0 - 11.5.4812.0.0 - 12.4.40 +2 more
CVE-2025-59019
typo3/cms-backend is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 12.0.0 - 12.4.37 and 13.0.0 - 13.4.18.
12.0.0 - 12.4.3713.0.0 - 13.4.18
CVE-2025-59014
typo3/cms-backend is vulnerable to Uncaught Exception in versions 11.0.0 - 11.5.48, 12.0.0 - 12.4.37 and 13.0.0 - 13.4.18.
11.0.0 - 11.5.4812.0.0 - 12.4.3713.0.0 - 13.4.18
CVE-2025-47941
typo3/cms-backend is vulnerable to Authentication Bypass Using an Alternate Path or Channel in versions 12.0.0 - 12.4.30 and 13.0.0 - 13.4.11.
12.0.0 - 12.4.3013.0.0 - 13.4.11

Package versions

Maintainers

TYPO3 Core Team

Direct Dependencies

DependencyLast ReleaseScore
typo3/cms-core
Version 14.3.4
psr/event-dispatcher
Version ^1.0

Weekly Downloads

Info

Last Published
22 hours ago
Created
8 years ago

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free
Book a Demo

Free. No credit card required.

Aikido Platform
Subscribe
Stay up to date with all updates
LinkedIn YouTube X
© 2026 Aikido Security BV | BE0792914919
Ghent, Belgium | San Francisco, US
SOC 2SOC 2Compliant
ISO 27001ISO 27001Compliant
Get Security Done