GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
98 advisories
Moodle allows attackers to modify the visibility of a badge
Moderate
CVE-2014-0129
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Moderate
CVE-2014-0213
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime
Moderate
CVE-2014-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly restrict file access
Moderate
CVE-2014-0216
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not check for the moodle/course:viewhiddencourses capability
Moderate
CVE-2014-0217
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Arbitrary File Read via XML External Entity vulnerability
Moderate
CVE-2014-3543
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle remote code execution via quiz questions
Moderate
CVE-2014-3545
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle attackers to modify grade metadata
Moderate
CVE-2014-2572
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain username and course information
Moderate
CVE-2014-3546
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2014-3547
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2014-3548
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not enforce the moodle/site:accessallgroups capability requirement
Moderate
CVE-2014-3553
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle exposes hidden grades to students
Moderate
CVE-2014-7831
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass the mod/lti:view capability requirement
Moderate
CVE-2014-7832
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive information
Moderate
CVE-2014-7833
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not verify group permissions
Moderate
CVE-2014-7834
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Moderate
CVE-2014-7836
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to remove wiki pages
Moderate
CVE-2014-7837
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module
Moderate
CVE-2014-7838
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not consider the moodle/tag:edit capability before adding a tag
Moderate
CVE-2014-7846
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to cause a denial of service
Moderate
CVE-2014-7847
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attacks to obtain sensitive information
Moderate
CVE-2014-7848
was published
for
moodle/moodle
(Composer)
May 13, 2022
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
Moderate
CVE-2012-6112
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not provide charset information in HTTP headers
Moderate
CVE-2014-9059
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to trigger the generation of arbitrary messages
Moderate
CVE-2014-9060
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API