Browse Security Advisories
Moderate Security Advisories for moodle/moodle
Moderate
3 months ago
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter
packagist
moodle/moodle
Moderate
5 months ago
Moodle has an IDOR in messaging web service which allows access to some user details
packagist
moodle/moodle
Moderate
5 months ago
Moodle has reflected Cross-site Scripting risk in policy tool
packagist
moodle/moodle
Moderate
5 months ago
Moodle allows IDOR in RSS block, which allows access to additional RSS feeds
packagist
moodle/moodle
Moderate
5 months ago
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
packagist
moodle/moodle
Moderate
5 months ago
Moodle's AJAX section delete does not respect course_can_delete_section()
packagist
moodle/moodle
Moderate
5 months ago
Moodle shows hidden grades to users without permission on some grade reports
packagist
moodle/moodle
Moderate
5 months ago
Moodle makes some user data available before completing second factor with MFA enabled
packagist
moodle/moodle
Moderate
5 months ago
Moodle reveals student identities through assignment submissions search on anonymous submissions
packagist
moodle/moodle
Moderate
5 months ago
Moodle self enrollment available before completing second factor with MFA enabled
packagist
moodle/moodle
Moderate
7 months ago
Moodle's feedback response viewing and deletions did not respect Separate Groups mode
packagist
moodle/moodle
Moderate
7 months ago
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block
packagist
moodle/moodle
Moderate
10 months ago
Moodle Lesson activity password bypass through PHP loose comparison
packagist
moodle/moodle
Moderate
10 months ago
Moodle allows users to retrieve information they did not have permission to access
packagist
moodle/moodle
Moderate
11 months ago
moodle: Some users can delete audiences of other reports
packagist
moodle/moodle
Moderate
11 months ago
Moodle's IDOR in badges allows deletion of arbitrary badges
packagist
moodle/moodle
Moderate
11 months ago
Moodle vulnerable to cache poisoning via injection into storage
packagist
moodle/moodle
Moderate
11 months ago
Moodle vulnerable to site administration SQL injection via XMLDB editor
packagist
moodle/moodle
Moderate
11 months ago
Moodle LFI vulnerability when restoring malformed block backups
packagist
moodle/moodle
Moderate
11 months ago
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle uses the same key for QR login and auto-login
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle stored XSS via calendar's event title when deleting the event
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle BigBlueButton web service leaks meeting joining information
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle HTTP authorization header is preserved between "emulated redirects"
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle Unsanitized HTML in site log for config_log_created
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle broken access control when setting calendar event type
packagist
moodle/moodle
Moderate
almost 2 years ago
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
packagist
moodle/moodle
Moderate
almost 2 years ago
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle External Control of File Name or Path vulnerability
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle may allow students to bypass sequential navigation during a quiz attempt
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle may display roles to users who don't have access to them
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle may allow authenticated users to enumerate other user's names via learning plans page
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle may allow teachers to access the names of users they could not otherwise access
packagist
moodle/moodle
Moderate
almost 3 years ago
Moodle reflected cross-site scripting vulnerability in policy tool
packagist
moodle/moodle
Moderate
almost 3 years ago
Moodle stored-XSS vulnerability in some "social" user profile fields
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle No groups filtering in H5P activity attempts report
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle Exposure of Sensitive Information to an Unauthorized Actor
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle Stored XSS and blind SSRF possible via SCORM track details
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle Open redirect risk in mobile auto-login feature
packagist
moodle/moodle
Moderate
over 3 years ago
Moodle Insecure direct object reference (IDOR) in a calendar web service
packagist
moodle/moodle
Moderate
over 3 years ago
Moodle Bypass email verification secret when confirming account registration
packagist
moodle/moodle
Moderate
over 3 years ago
Moodle contains Stored XSS via ID number user profile field
packagist
moodle/moodle