Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,886 advisories

Loading
Moodle multiple cross-site request forgery (CSRF) vulnerabilities Moderate
CVE-2014-0213 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle's time-validation implementation allows bypassing intended restrictions Moderate
CVE-2014-0127 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle does not properly restrict file access Moderate
CVE-2014-0216 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle does not check for the moodle/course:viewhiddencourses capability Moderate
CVE-2014-0217 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle attackers to modify grade metadata Moderate
CVE-2014-2572 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle allows attackers to modify the visibility of a badge Moderate
CVE-2014-0129 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle cross-site request forgery (CSRF) vulnerability Moderate
CVE-2014-0126 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle Reveals Student Information Meant To Be Anonymous Moderate
CVE-2014-0215 was published for moodle/moodle (Composer) May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime Moderate
CVE-2014-0214 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle cross-site scripting (XSS) vulnerability Moderate
CVE-2014-0218 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4941 was published for moodle/moodle (Composer) May 13, 2022
Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2013-4522 was published for moodle/moodle (Composer) May 13, 2022
AnonySE26
Credited to AnonySE26
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4940 was published for moodle/moodle (Composer) May 13, 2022
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4942 was published for moodle/moodle (Composer) May 13, 2022
Moodle Arbitrary File Read via Backup Functionality Moderate
CVE-2012-6099 was published for moodle/moodle (Composer) May 13, 2022
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests Moderate
CVE-2012-6112 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle does not enforce the forceloginforprofiles setting Moderate
CVE-2013-1830 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle includes the WebDAV password in the configuration form Moderate
CVE-2013-1832 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle reveals absolute path in exception message Moderate
CVE-2013-1831 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle is vulnerable to Sensitive Information Disclosure Moderate
CVE-2013-2080 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle allows remote authenticated users to reassign notes Moderate
CVE-2013-1834 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle does not properly manage privileges for WebDAV repositories Moderate
CVE-2013-1836 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle does not enforce capability requirements for reading blog comments Moderate
CVE-2013-2082 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class Moderate
CVE-2013-2083 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle Authentication Bypass in File Upload Moderate
CVE-2012-3387 was published for moodle/moodle (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database