VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/54895?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/54895?format=api",
    "purl": "pkg:composer/moodle/moodle@3.4.0",
    "type": "composer",
    "namespace": "moodle",
    "name": "moodle",
    "version": "3.4.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "3.4.3",
    "latest_non_vulnerable_version": "5.1.2",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40837?format=api",
            "vulnerability_id": "VCID-336n-hpzg-euhd",
            "summary": "Cross-site Scripting\nThe 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.",
            "references": [
                {
                    "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3808",
                    "reference_id": "CVE-2019-3808",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3808"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57641?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.7",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57642?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.6.2",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2"
                }
            ],
            "aliases": [
                "CVE-2019-3808"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-336n-hpzg-euhd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40064?format=api",
            "vulnerability_id": "VCID-4rz2-b4e3-87g5",
            "summary": "Injection Vulnerability\nWhen a quiz question bank is imported, it is possible for the question preview that is displayed to execute JavaScript that is written into the question bank.",
            "references": [
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=373371",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=373371"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/104739",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/104739"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10891",
                    "reference_id": "CVE-2018-10891",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10891"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56059?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56060?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.1"
                }
            ],
            "aliases": [
                "CVE-2018-10891"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4rz2-b4e3-87g5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40068?format=api",
            "vulnerability_id": "VCID-8mgr-gdzj-4ybs",
            "summary": "Information Exposure\nA flaw was found in Moodle. It is possible for the `core_course_get_categories` web service to return hidden categories, which should be omitted when fetching course categories.",
            "references": [
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10890",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10890"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=373370",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=373370"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/104738",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/104738"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10890",
                    "reference_id": "CVE-2018-10890",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10890"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56059?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56060?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.1"
                }
            ],
            "aliases": [
                "CVE-2018-10890"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8mgr-gdzj-4ybs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39653?format=api",
            "vulnerability_id": "VCID-b7br-bh2d-rygp",
            "summary": "Improper Input Validation\nAn issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371204",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=371204"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/104307",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/104307"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1137",
                    "reference_id": "CVE-2018-1137",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1137"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3"
                }
            ],
            "aliases": [
                "CVE-2018-1137"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7br-bh2d-rygp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40471?format=api",
            "vulnerability_id": "VCID-bjnq-q2nd-1khp",
            "summary": "Cross-Site Request Forgery (CSRF)\nThe login form is not protected by a token to prevent login cross-site request forgery.",
            "references": [
                {
                    "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=378731",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=378731"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/106017",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/106017"
                },
                {
                    "reference_url": "http://www.securitytracker.com/id/1042154",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securitytracker.com/id/1042154"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16854",
                    "reference_id": "CVE-2018-16854",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16854"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57085?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.6",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-336n-hpzg-euhd"
                        },
                        {
                            "vulnerability": "VCID-k73h-z6j8-gkgz"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.6"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57086?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-336n-hpzg-euhd"
                        },
                        {
                            "vulnerability": "VCID-k73h-z6j8-gkgz"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.3"
                }
            ],
            "aliases": [
                "CVE-2018-16854"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjnq-q2nd-1khp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39655?format=api",
            "vulnerability_id": "VCID-ckg1-9vpt-yfdk",
            "summary": "Improper Privilege Management\nAn issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371200",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=371200"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/104307",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/104307"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1134",
                    "reference_id": "CVE-2018-1134",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1134"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3"
                }
            ],
            "aliases": [
                "CVE-2018-1134"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckg1-9vpt-yfdk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41135?format=api",
            "vulnerability_id": "VCID-deur-8zdf-2kh2",
            "summary": "Improper Input Validation\nThe size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.",
            "references": [
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=386524",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=386524"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10134",
                    "reference_id": "CVE-2019-10134",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10134"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58256?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.9"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58257?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.6",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.6"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58258?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.6.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4"
                }
            ],
            "aliases": [
                "CVE-2019-10134"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-deur-8zdf-2kh2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39325?format=api",
            "vulnerability_id": "VCID-duna-st9c-mqbk",
            "summary": "Information Exposure\nIn Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364383",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=364383"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/102754",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/102754"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1044",
                    "reference_id": "CVE-2018-1044",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1044"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-fygy-9njn-abgd"
                        },
                        {
                            "vulnerability": "VCID-m4zv-e3dn-budf"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"
                }
            ],
            "aliases": [
                "CVE-2018-1044"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39657?format=api",
            "vulnerability_id": "VCID-fegs-ubsk-63hu",
            "summary": "Information Exposure\nAn issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371201",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=371201"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/104307",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/104307"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1135",
                    "reference_id": "CVE-2018-1135",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1135"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3"
                }
            ],
            "aliases": [
                "CVE-2018-1135"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fegs-ubsk-63hu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39537?format=api",
            "vulnerability_id": "VCID-fygy-9njn-abgd",
            "summary": "Improper Authentication\nA flaw was found in Moodle. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=367939",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=367939"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/103725",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/103725"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1082",
                    "reference_id": "CVE-2018-1082",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1082"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/55321?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-b7br-bh2d-rygp"
                        },
                        {
                            "vulnerability": "VCID-ckg1-9vpt-yfdk"
                        },
                        {
                            "vulnerability": "VCID-fegs-ubsk-63hu"
                        },
                        {
                            "vulnerability": "VCID-g8ct-c4ce-zuaf"
                        },
                        {
                            "vulnerability": "VCID-p2gd-7uam-mqf8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2"
                }
            ],
            "aliases": [
                "CVE-2018-1082"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fygy-9njn-abgd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39656?format=api",
            "vulnerability_id": "VCID-g8ct-c4ce-zuaf",
            "summary": "Cross-site Scripting\nAn issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371202",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=371202"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/104307",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/104307"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1136",
                    "reference_id": "CVE-2018-1136",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1136"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3"
                }
            ],
            "aliases": [
                "CVE-2018-1136"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ct-c4ce-zuaf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40834?format=api",
            "vulnerability_id": "VCID-k73h-z6j8-gkgz",
            "summary": "Information Exposure\nThe `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.",
            "references": [
                {
                    "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810",
                    "reference_id": "CVE-2019-3810",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57641?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.7",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57642?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.6.2",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2"
                }
            ],
            "aliases": [
                "CVE-2019-3810"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39536?format=api",
            "vulnerability_id": "VCID-m4zv-e3dn-budf",
            "summary": "Improper Access Control\nUnauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=367938",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=367938"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/103728",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/103728"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1081",
                    "reference_id": "CVE-2018-1081",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1081"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/55321?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-b7br-bh2d-rygp"
                        },
                        {
                            "vulnerability": "VCID-ckg1-9vpt-yfdk"
                        },
                        {
                            "vulnerability": "VCID-fegs-ubsk-63hu"
                        },
                        {
                            "vulnerability": "VCID-g8ct-c4ce-zuaf"
                        },
                        {
                            "vulnerability": "VCID-p2gd-7uam-mqf8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2"
                }
            ],
            "aliases": [
                "CVE-2018-1081"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40067?format=api",
            "vulnerability_id": "VCID-mmg3-7fz9-5uak",
            "summary": "Inclusion of Sensitive Information in Log Files\nA flaw was found in Moodle. No option exists to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.",
            "references": [
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=373369",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=373369"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/104733",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/104733"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10889",
                    "reference_id": "CVE-2018-10889",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10889"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56059?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56060?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.1"
                }
            ],
            "aliases": [
                "CVE-2018-10889"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmg3-7fz9-5uak"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39328?format=api",
            "vulnerability_id": "VCID-nc2j-pay7-ryab",
            "summary": "Insufficient Access Control\nThe setting for blocked hosts list can be bypassed with multiple A record `hostnames`.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364382",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=364382"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/102769",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/102769"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1043",
                    "reference_id": "CVE-2018-1043",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1043"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-fygy-9njn-abgd"
                        },
                        {
                            "vulnerability": "VCID-m4zv-e3dn-budf"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"
                }
            ],
            "aliases": [
                "CVE-2018-1043"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39654?format=api",
            "vulnerability_id": "VCID-p2gd-7uam-mqf8",
            "summary": "Injection Vulnerability\nAn issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371199",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=371199"
                },
                {
                    "reference_url": "https://www.exploit-db.com/exploits/46551/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.exploit-db.com/exploits/46551/"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/104307",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/104307"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1133",
                    "reference_id": "CVE-2018-1133",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1133"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3"
                }
            ],
            "aliases": [
                "CVE-2018-1133"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2gd-7uam-mqf8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41132?format=api",
            "vulnerability_id": "VCID-qxsq-ku22-r7gx",
            "summary": "URL Redirection to Untrusted Site (Open Redirect)\nThe form to upload cohorts contained a redirect field, which was not restricted to internal URLs.",
            "references": [
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=386523",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=386523"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10133",
                    "reference_id": "CVE-2019-10133",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10133"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58256?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.9"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58257?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.6",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.6"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58258?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.6.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4"
                }
            ],
            "aliases": [
                "CVE-2019-10133"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxsq-ku22-r7gx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40842?format=api",
            "vulnerability_id": "VCID-r6kn-b963-eqge",
            "summary": "URL Redirection to Untrusted Site (Open Redirect)\nLinks within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.",
            "references": [
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384013#p1547745",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=384013#p1547745"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3850",
                    "reference_id": "CVE-2019-3850",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3850"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57658?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-deur-8zdf-2kh2"
                        },
                        {
                            "vulnerability": "VCID-qxsq-ku22-r7gx"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57656?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-deur-8zdf-2kh2"
                        },
                        {
                            "vulnerability": "VCID-qxsq-ku22-r7gx"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.6.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-deur-8zdf-2kh2"
                        },
                        {
                            "vulnerability": "VCID-qxsq-ku22-r7gx"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"
                }
            ],
            "aliases": [
                "CVE-2019-3850"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6kn-b963-eqge"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40847?format=api",
            "vulnerability_id": "VCID-s6uu-335k-yfbc",
            "summary": "Improper Input Validation\nUsers with the \"login as other users\" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.",
            "references": [
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3847",
                    "reference_id": "CVE-2019-3847",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3847"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57658?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-deur-8zdf-2kh2"
                        },
                        {
                            "vulnerability": "VCID-qxsq-ku22-r7gx"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57656?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-deur-8zdf-2kh2"
                        },
                        {
                            "vulnerability": "VCID-qxsq-ku22-r7gx"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.6.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-deur-8zdf-2kh2"
                        },
                        {
                            "vulnerability": "VCID-qxsq-ku22-r7gx"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"
                }
            ],
            "aliases": [
                "CVE-2019-3847"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6uu-335k-yfbc"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40246?format=api",
            "vulnerability_id": "VCID-vfp6-4h8n-bkax",
            "summary": "Code Injection\nMoodle is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy `drag and drop into text` (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.",
            "references": [
                {
                    "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=376023",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=376023"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/105354",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/105354"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14630",
                    "reference_id": "CVE-2018-14630",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14630"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56462?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.5"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56463?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.2",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.2"
                }
            ],
            "aliases": [
                "CVE-2018-14630"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfp6-4h8n-bkax"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40245?format=api",
            "vulnerability_id": "VCID-x9vd-njdz-jua9",
            "summary": "Cross-site Scripting\nMoodle is vulnerable to a boost theme; the `blog` search GET parameter is insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the `search` parameter.",
            "references": [
                {
                    "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14631",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14631"
                },
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=376025",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=376025"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/105371",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/105371"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14631",
                    "reference_id": "CVE-2018-14631",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14631"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56462?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.5"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56463?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.5.2",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.2"
                }
            ],
            "aliases": [
                "CVE-2018-14631"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9vd-njdz-jua9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39329?format=api",
            "vulnerability_id": "VCID-yghg-775s-vber",
            "summary": "Server-Side Request Forgery (SSRF)\nMoodle has Server Side Request Forgery in the `filepicker`.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364381",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=364381"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/102752",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/102752"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1042",
                    "reference_id": "CVE-2018-1042",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1042"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.4.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-fygy-9njn-abgd"
                        },
                        {
                            "vulnerability": "VCID-m4zv-e3dn-budf"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"
                }
            ],
            "aliases": [
                "CVE-2018-1042"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.0"
}

Package Instance