GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
280 advisories
Moodle does not consider the moodle/tag:edit capability before adding a tag
Moderate
CVE-2014-7846
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to cause a denial of service
Moderate
CVE-2014-7847
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attacks to obtain sensitive information
Moderate
CVE-2014-7848
was published
for
moodle/moodle
(Composer)
May 13, 2022
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
Moderate
CVE-2012-6112
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not provide charset information in HTTP headers
Moderate
CVE-2014-9059
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to trigger the generation of arbitrary messages
Moderate
CVE-2014-9060
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive information
Moderate
CVE-2015-0211
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2015-0212
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Moderate
CVE-2015-0213
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass a messaging-disabled setting
Moderate
CVE-2015-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive calendar-event information
Moderate
CVE-2015-0215
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not set the RISK_XSS bit for graders
Low
CVE-2015-0216
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to cause a denial of service
Moderate
CVE-2015-0217
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle directory traversal vulnerability
Moderate
CVE-2015-1493
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive personal-contact and unread-message-count information
Moderate
CVE-2015-2266
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to extract archives to arbitrary directories
Moderate
CVE-2015-2267
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to cause a denial of service
Moderate
CVE-2015-2268
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive course information
Moderate
CVE-2015-2270
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not consider the moodle/tag:flag capability
Moderate
CVE-2015-2271
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass a forced-password-change requirement
Moderate
CVE-2015-2272
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Arbitrary Redirect
Moderate
CVE-2015-3175
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2015-2273
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not set the RISK_XSS bit for graders
Low
CVE-2015-3174
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers obtain full-name information
Moderate
CVE-2015-3176
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API