Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

280 advisories

Loading
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests Moderate
CVE-2012-6112 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerability Low
CVE-2014-2571 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerability Moderate
CVE-2014-0218 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle multiple cross-site request forgery (CSRF) vulnerabilities Moderate
CVE-2014-0213 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site request forgery (CSRF) vulnerability Moderate
CVE-2014-0126 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to modify the visibility of a badge Moderate
CVE-2014-0129 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not check for the moodle/course:viewhiddencourses capability Moderate
CVE-2014-0217 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle creates a MoodleMobile web-service token with an infinite lifetime Moderate
CVE-2014-0214 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle's time-validation implementation allows bypassing intended restrictions Moderate
CVE-2014-0127 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle attackers to modify grade metadata Moderate
CVE-2014-2572 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not properly restrict file access Moderate
CVE-2014-0216 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to obtain sensitive information Moderate
CVE-2014-0124 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows bypass of intended access restrictions Moderate
CVE-2014-0122 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not properly restrict access Moderate
CVE-2014-0123 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle places a session key in a URL Moderate
CVE-2014-0125 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to bypass intended access restrictions Moderate
CVE-2015-5342 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerabilities Moderate
CVE-2013-7341 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not set the RISK_XSS bit for graders Low
CVE-2015-0216 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to read SCORM contents Moderate
CVE-2015-5341 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle multiple cross-site request forgery (CSRF) vulnerabilities High
CVE-2015-5338 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to delete files Moderate
CVE-2015-5265 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2015-3275 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to obtain manager privileges Moderate
CVE-2015-5266 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerability Moderate
CVE-2015-3274 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to enter additional answer attempts Moderate
CVE-2015-5264 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API