Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

131 advisories

Loading
Moodle does not enforce capability requirements for reading blog comments Moderate
CVE-2013-2082 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class Moderate
CVE-2013-2083 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not properly manage privileges for WebDAV repositories Moderate
CVE-2013-1836 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows remote authenticated users to reassign notes Moderate
CVE-2013-1834 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle is vulnerable to Sensitive Information Disclosure Moderate
CVE-2013-2080 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests Moderate
CVE-2012-6112 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not enforce the forceloginforprofiles setting Moderate
CVE-2013-1830 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle reveals absolute path in exception message Moderate
CVE-2013-1831 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle includes the WebDAV password in the configuration form Moderate
CVE-2013-1832 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerability Low
CVE-2014-2571 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerability Moderate
CVE-2014-0218 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle's time-validation implementation allows bypassing intended restrictions Moderate
CVE-2014-0127 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle multiple cross-site request forgery (CSRF) vulnerabilities Moderate
CVE-2014-0213 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not check for the moodle/course:viewhiddencourses capability Moderate
CVE-2014-0217 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site request forgery (CSRF) vulnerability Moderate
CVE-2014-0126 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle creates a MoodleMobile web-service token with an infinite lifetime Moderate
CVE-2014-0214 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to modify the visibility of a badge Moderate
CVE-2014-0129 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle attackers to modify grade metadata Moderate
CVE-2014-2572 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not properly restrict file access Moderate
CVE-2014-0216 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to bypass intended access restrictions Moderate
CVE-2015-5342 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to obtain sensitive information Moderate
CVE-2014-0124 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle places a session key in a URL Moderate
CVE-2014-0125 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not properly restrict access Moderate
CVE-2014-0123 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows bypass of intended access restrictions Moderate
CVE-2014-0122 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to read SCORM contents Moderate
CVE-2015-5341 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API