GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
280 advisories
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
Moderate
CVE-2012-6112
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-0218
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-2571
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Moderate
CVE-2014-0213
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not check for the moodle/course:viewhiddencourses capability
Moderate
CVE-2014-0217
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly restrict file access
Moderate
CVE-2014-0216
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle's time-validation implementation allows bypassing intended restrictions
Moderate
CVE-2014-0127
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime
Moderate
CVE-2014-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
Moderate
CVE-2014-0126
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to modify the visibility of a badge
Moderate
CVE-2014-0129
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle attackers to modify grade metadata
Moderate
CVE-2014-2572
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass intended access restrictions
Moderate
CVE-2015-5342
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows bypass of intended access restrictions
Moderate
CVE-2014-0122
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly restrict access
Moderate
CVE-2014-0123
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive information
Moderate
CVE-2014-0124
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle places a session key in a URL
Moderate
CVE-2014-0125
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2013-7341
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not set the RISK_XSS bit for graders
Low
CVE-2015-0216
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to read SCORM contents
Moderate
CVE-2015-5341
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
High
CVE-2015-5338
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle mishandles group-based authorization checks
Moderate
CVE-2015-5268
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2015-5336
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly implement group-based access restrictions
Moderate
CVE-2015-5339
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Moderate
CVE-2015-5269
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2015-3275
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API