Professional Content Management

Free and open source, TYPO3 CMS is the most widely used enterprise-level CMS.

Test TYPO3 now:

TYPO3 live demo

Inspire people to share

Offer your skills and contribute to the project. The community is growing and does more than just coding. 

A Community Effort

TYPO3 CMS is an Open Source project managed by the TYPO3 Association.

The Project

Do you have a question?

Ask the community or a professional partner.

The TYPO3 Association Has Been Authorized by the CVE Program as a CVE Numbering Authority (CNA)

As of 15 July 2025, the TYPO3 Association has received official approval from the CVE Program to operate as a CVE Numbering Authority (CNA). Common Vulnerabilities and Exposures (CVE) Records are part of the global cybersecurity infrastructure. They provide a shared, standardized reference for identifying and addressing vulnerabilities.

Baar ZG, Switzerland – 16 July 2025

As a CVE Numbering Authority (CNA), the TYPO3 Association has assigned the TYPO3 Security Team as the sole authority to assign CVE identifiers for vulnerabilities in TYPO3 CMS and its ecosystem, ensuring verified, coordinated, and consistent publication of security issues. With CNA status, TYPO3 can prevent uncoordinated third-party disclosures and avoid inaccurate or duplicate entries in public vulnerability databases.

This step places TYPO3 within a global network of trusted organizations and open source CMSs — including fellow members of the Open Website Alliance — responsible for CVE publication in their domains. It streamlines TYPO3’s vulnerability announcement and disclosure process, aligning it with international standards, benefiting users, integrators, and the broader security community.

TYPO3 Voices on CNA Authorization

“By becoming a CNA, TYPO3 gains full control over the disclosure of its vulnerabilities — ensuring accurate, coordinated communication and protecting the integrity of our ecosystem from unverified third-party reports.”

— Torben Hansen, TYPO3 Security Team Co-Lead

About the CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

About TYPO3

TYPO3 CMS

TYPO3 is an open-source enterprise content management system (CMS) and a verified Digital Public Good approved by the Digital Public Goods Alliance. You can download and find more information about TYPO3 at typo3.org.

TYPO3 Association

The TYPO3 Association is a Swiss not-for-profit association founded by members of the TYPO3 Community in November 2004 that provides software to the public free of charge. Headquartered in Baar ZG, Switzerland, the TYPO3 Association is non-partisan and denominationally neutral. The association has approximately 1,000 members and coordinates and funds the long-term development of TYPO3 CMS. It is the owner of the TYPO3 trademark. Find more information at typo3.org/project/association.

TYPO3 Company

TYPO3 GmbH is a service company established by the TYPO3 Association to provide support services and to take on the development of the TYPO3 CMS software. More about the TYPO3 Company can be found at typo3.com/typo3-gmbh.

In Other Languages

Related Links

Press Enquiries

TYPO3 Association
Mathias Bolt Lesniak
media(at)typo3.com

Start Spreading the News

Please feel free to send a copy of the press release to your local media. Just ensure you do not spam. Make it clear that you are not an official representative of the TYPO3 Association or TYPO3 Company, but that you are an agency or individual using TYPO3.