Browse Security Advisories
Moderate Security Advisories for moodle/moodle
Moderate
about 1 month ago
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter
packagist
moodle/moodle
Moderate
3 months ago
Moodle's AJAX section delete does not respect course_can_delete_section()
packagist
moodle/moodle
Moderate
3 months ago
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
packagist
moodle/moodle
Moderate
3 months ago
Moodle has reflected Cross-site Scripting risk in policy tool
packagist
moodle/moodle
Moderate
3 months ago
Moodle allows IDOR in RSS block, which allows access to additional RSS feeds
packagist
moodle/moodle
Moderate
3 months ago
Moodle has an IDOR in messaging web service which allows access to some user details
packagist
moodle/moodle
Moderate
3 months ago
Moodle shows hidden grades to users without permission on some grade reports
packagist
moodle/moodle
Moderate
3 months ago
Moodle self enrollment available before completing second factor with MFA enabled
packagist
moodle/moodle
Moderate
3 months ago
Moodle reveals student identities through assignment submissions search on anonymous submissions
packagist
moodle/moodle
Moderate
3 months ago
Moodle makes some user data available before completing second factor with MFA enabled
packagist
moodle/moodle
Moderate
5 months ago
Moodle's feedback response viewing and deletions did not respect Separate Groups mode
packagist
moodle/moodle
Moderate
5 months ago
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block
packagist
moodle/moodle
Moderate
8 months ago
Moodle allows users to retrieve information they did not have permission to access
packagist
moodle/moodle
Moderate
8 months ago
Moodle Lesson activity password bypass through PHP loose comparison
packagist
moodle/moodle
Moderate
8 months ago
moodle: Some users can delete audiences of other reports
packagist
moodle/moodle
Moderate
9 months ago
Moodle vulnerable to cache poisoning via injection into storage
packagist
moodle/moodle
Moderate
9 months ago
Moodle LFI vulnerability when restoring malformed block backups
packagist
moodle/moodle
Moderate
9 months ago
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
packagist
moodle/moodle
Moderate
9 months ago
Moodle's IDOR in badges allows deletion of arbitrary badges
packagist
moodle/moodle
Moderate
9 months ago
Moodle vulnerable to site administration SQL injection via XMLDB editor
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle CSRF risks due to misuse of confirm_sesskey
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle BigBlueButton web service leaks meeting joining information
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle stored XSS via calendar's event title when deleting the event
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle uses the same key for QR login and auto-login
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle HTTP authorization header is preserved between "emulated redirects"
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle Unsanitized HTML in site log for config_log_created
packagist
moodle/moodle
Moderate
about 1 year ago
Moodle broken access control when setting calendar event type
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
packagist
moodle/moodle
Moderate
over 1 year ago
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
packagist
moodle/moodle
Moderate
about 2 years ago
Moodle External Control of File Name or Path vulnerability
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle may allow students to bypass sequential navigation during a quiz attempt
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle may display roles to users who don't have access to them
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle may allow authenticated users to enumerate other user's names via learning plans page
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle may allow teachers to access the names of users they could not otherwise access
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle stored-XSS vulnerability in some "social" user profile fields
packagist
moodle/moodle
Moderate
over 2 years ago
Moodle reflected cross-site scripting vulnerability in policy tool
packagist
moodle/moodle
Moderate
almost 3 years ago
Moodle No groups filtering in H5P activity attempts report
packagist
moodle/moodle
Moderate
almost 3 years ago
Moodle Exposure of Sensitive Information to an Unauthorized Actor
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle Stored XSS and blind SSRF possible via SCORM track details
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle Open redirect risk in mobile auto-login feature
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle Insecure direct object reference (IDOR) in a calendar web service
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle Bypass email verification secret when confirming account registration
packagist
moodle/moodle
Moderate
about 3 years ago
Moodle contains Stored XSS via ID number user profile field
packagist
moodle/moodle