GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
98 advisories
Moodle XSS Vulnerability
Moderate
CVE-2019-3847
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to discover hidden course names
Moderate
CVE-2016-2154
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle provides calendar-event data without considering whether an activity is hidden
Moderate
CVE-2016-2156
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle External function mod_assign_save_submission does not check due dates
Moderate
CVE-2016-2159
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Improper Access Control
Moderate
CVE-2016-3733
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive category-detail information
Moderate
CVE-2016-2158
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle XSS from profile fields from external db
Moderate
CVE-2016-2152
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Reflected XSS in mod_data advanced search
Moderate
CVE-2016-2153
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2016-2190
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2016-0724
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to modify "Exclude grade" settings
Moderate
CVE-2016-2155
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to discover student e-mail addresses
Moderate
CVE-2016-2151
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows remote attackers to read arbitrary files
Moderate
CVE-2014-3542
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Arbitrary File Read via XML External Entity vulnerability
Moderate
CVE-2014-3543
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain username and course information
Moderate
CVE-2014-3546
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle remote code execution via quiz questions
Moderate
CVE-2014-3545
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2014-3547
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2014-3548
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not verify group permissions
Moderate
CVE-2014-7834
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive information
Moderate
CVE-2014-7833
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not enforce the moodle/site:accessallgroups capability requirement
Moderate
CVE-2014-3553
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass the mod/lti:view capability requirement
Moderate
CVE-2014-7832
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle exposes hidden grades to students
Moderate
CVE-2014-7831
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module
Moderate
CVE-2014-7838
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows discovery of an author's username
Moderate
CVE-2014-3617
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API