GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
131 advisories
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class
Moderate
CVE-2013-2083
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle's login_as feature leaks information from external repositories
Low
CVE-2013-1835
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly manage privileges for WebDAV repositories
Moderate
CVE-2013-1836
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows remote authenticated users to reassign notes
Moderate
CVE-2013-1834
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle is vulnerable to Sensitive Information Disclosure
Moderate
CVE-2013-2080
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not enforce the forceloginforprofiles setting
Moderate
CVE-2013-1830
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle reveals absolute path in exception message
Moderate
CVE-2013-1831
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle includes the WebDAV password in the configuration form
Moderate
CVE-2013-1832
was published
for
moodle/moodle
(Composer)
May 13, 2022
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
Moderate
CVE-2012-6112
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-0218
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-2571
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to modify the visibility of a badge
Moderate
CVE-2014-0129
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle attackers to modify grade metadata
Moderate
CVE-2014-2572
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
Moderate
CVE-2014-0126
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Moderate
CVE-2014-0213
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle's time-validation implementation allows bypassing intended restrictions
Moderate
CVE-2014-0127
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime
Moderate
CVE-2014-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly restrict file access
Moderate
CVE-2014-0216
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not check for the moodle/course:viewhiddencourses capability
Moderate
CVE-2014-0217
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass intended access restrictions
Moderate
CVE-2015-5342
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly restrict access
Moderate
CVE-2014-0123
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows bypass of intended access restrictions
Moderate
CVE-2014-0122
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle places a session key in a URL
Moderate
CVE-2014-0125
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive information
Moderate
CVE-2014-0124
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to read SCORM contents
Moderate
CVE-2015-5341
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API