GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
171 advisories
Moodle places a session key in a URL
Moderate
CVE-2014-0125
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass intended access restrictions
Moderate
CVE-2015-5342
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows bypass of intended access restrictions
Moderate
CVE-2014-0122
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly restrict access
Moderate
CVE-2014-0123
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive information
Moderate
CVE-2014-0124
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly restrict file access
Moderate
CVE-2014-0216
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not check for the moodle/course:viewhiddencourses capability
Moderate
CVE-2014-0217
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime
Moderate
CVE-2014-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Moderate
CVE-2014-0213
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
Moderate
CVE-2014-0126
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle's time-validation implementation allows bypassing intended restrictions
Moderate
CVE-2014-0127
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to modify the visibility of a badge
Moderate
CVE-2014-0129
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle attackers to modify grade metadata
Moderate
CVE-2014-2572
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-0218
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not enforce the forceloginforprofiles setting
Moderate
CVE-2013-1830
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle includes the WebDAV password in the configuration form
Moderate
CVE-2013-1832
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle reveals absolute path in exception message
Moderate
CVE-2013-1831
was published
for
moodle/moodle
(Composer)
May 13, 2022
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
Moderate
CVE-2012-6112
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle is vulnerable to Sensitive Information Disclosure
Moderate
CVE-2013-2080
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows remote authenticated users to reassign notes
Moderate
CVE-2013-1834
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly manage privileges for WebDAV repositories
Moderate
CVE-2013-1836
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class
Moderate
CVE-2013-2083
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not consider "don't send" attributes during hub registration
Moderate
CVE-2013-2081
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not enforce capability requirements for reading blog comments
Moderate
CVE-2013-2082
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Secure layout contained an insecure link in Boost theme
Moderate
CVE-2019-3851
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API