Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/moodle/moodle@3.4.2
purl pkg:composer/moodle/moodle@3.4.2
Next non-vulnerable version 4.1.10
Latest non-vulnerable version 5.1.2
Risk 4.0
Vulnerabilities affecting this package (84)
Vulnerability Summary Fixed by
VCID-1ptb-sx63-tkc1
Aliases:
CVE-2021-36401
GHSA-g6h6-4fp6-w33w
Moodle vulnerable to Stored Cross-site Scripting In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-1ss5-fhjw-sfer
Aliases:
CVE-2021-36400
GHSA-35wf-3wq2-r3hx
Moodle has Incorrect Default Permissions In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-1vxe-caqu-kqab
Aliases:
CVE-2023-28332
GHSA-9f45-9qrw-pp4v
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
3.9.20
Affected by 23 other vulnerabilities.
3.11.13
Affected by 23 other vulnerabilities.
4.0.7
Affected by 25 other vulnerabilities.
4.1.2
Affected by 26 other vulnerabilities.
VCID-2avg-qvn9-bkdn
Aliases:
CVE-2019-3808
GHSA-4r2p-wpv5-683w
Cross-site Scripting The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.
3.4.7
Affected by 71 other vulnerabilities.
3.5.4
Affected by 90 other vulnerabilities.
3.6.2
Affected by 73 other vulnerabilities.
VCID-2et6-3ejg-27b8
Aliases:
CVE-2021-32473
GHSA-wx87-h539-4775
Exposure of Sensitive Information to an Unauthorized Actor It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected
3.5.18
Affected by 49 other vulnerabilities.
3.8.9
Affected by 45 other vulnerabilities.
3.9.7
Affected by 78 other vulnerabilities.
3.10.4
Affected by 42 other vulnerabilities.
VCID-2k9q-b84j-ryef
Aliases:
CVE-2024-28593
GHSA-f6mh-79vh-2hv7
Cross-site Scripting in Moodle Chat The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle." There are no reported fixed by versions.
VCID-3pgc-yptg-tuaa
Aliases:
CVE-2023-5545
GHSA-26fg-v32r-h663
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability H5P metadata automatically populated the author with the user's username, which could be sensitive information.
3.9.24
Affected by 10 other vulnerabilities.
3.11.17
Affected by 9 other vulnerabilities.
4.0.11
Affected by 9 other vulnerabilities.
4.1.6
Affected by 9 other vulnerabilities.
4.2.3
Affected by 8 other vulnerabilities.
4.3.0-rc2
Affected by 1 other vulnerability.
VCID-3r3j-bqzm-5ufz
Aliases:
CVE-2019-10154
GHSA-ww45-x87c-wgff
Improper Access Control A web service fetching messages was not restricted to the current user's conversations.
3.6.4
Affected by 64 other vulnerabilities.
VCID-4k5r-agwn-ruea
Aliases:
CVE-2023-35133
GHSA-xxp4-mf4h-6cwm
Server-Side Request Forgery (SSRF) An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
3.9.22
Affected by 20 other vulnerabilities.
3.11.15
Affected by 19 other vulnerabilities.
4.0.9
Affected by 21 other vulnerabilities.
4.1.4
Affected by 21 other vulnerabilities.
4.2.1
Affected by 20 other vulnerabilities.
VCID-4s7h-83dq-aua7
Aliases:
CVE-2021-20184
GHSA-mm73-86f9-5x5c
3.8.7
Affected by 60 other vulnerabilities.
3.9.4
Affected by 89 other vulnerabilities.
3.10.1
Affected by 54 other vulnerabilities.
VCID-57pd-ath8-1yf9
Aliases:
CVE-2023-5539
GHSA-3xxm-3g3c-w579
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
3.9.24
Affected by 10 other vulnerabilities.
3.11.17
Affected by 9 other vulnerabilities.
4.0.11
Affected by 9 other vulnerabilities.
4.1.6
Affected by 9 other vulnerabilities.
4.2.3
Affected by 8 other vulnerabilities.
4.3.0-rc2
Affected by 1 other vulnerability.
VCID-5dx5-3bx2-s3fs
Aliases:
CVE-2024-1439
GHSA-5p2x-8427-9fgp
Improper Access Control Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.
4.2.1
Affected by 20 other vulnerabilities.
VCID-5fmt-yw7g-rkf2
Aliases:
CVE-2021-36392
GHSA-qc86-vgf2-6fq6
Moodle SQL Injection vulnerability In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-5gh4-58jt-dfet
Aliases:
CVE-2023-1402
GHSA-vj5p-fp42-774p
Moodle may display roles to users who don't have access to them The course participation report required additional checks to prevent roles being displayed which the user does not have access to view.
3.9.20
Affected by 23 other vulnerabilities.
3.11.13
Affected by 23 other vulnerabilities.
4.0.7
Affected by 25 other vulnerabilities.
4.1.2
Affected by 26 other vulnerabilities.
VCID-6fhq-4w4f-dqcf
Aliases:
CVE-2021-36393
GHSA-f46j-r7q3-6cm2
Moodle SQL Injection vulnerability In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-6x4n-my8x-sbfg
Aliases:
CVE-2021-32476
GHSA-4qxc-qxrp-33cw
Uncontrolled Resource Consumption A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
3.5.18
Affected by 49 other vulnerabilities.
3.8.9
Affected by 45 other vulnerabilities.
3.9.7
Affected by 78 other vulnerabilities.
3.10.4
Affected by 42 other vulnerabilities.
VCID-75sn-ew8w-f7a6
Aliases:
CVE-2021-36394
GHSA-2563-fp9c-mgm8
Moodle Session Fixation vulnerability In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-7zmr-qupd-4fg6
Aliases:
CVE-2024-29374
GHSA-3qw5-v9cc-v262
Cross site scripting in moodle A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter.
3.10.10
Affected by 14 other vulnerabilities.
VCID-97gg-fuah-jqcq
Aliases:
CVE-2023-28329
GHSA-72w2-j52c-7682
Moodle SQL Injection vulnerability Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
3.9.20
Affected by 23 other vulnerabilities.
3.11.13
Affected by 23 other vulnerabilities.
4.0.7
Affected by 25 other vulnerabilities.
4.1.2
Affected by 26 other vulnerabilities.
VCID-9cbt-2fg9-pyd7
Aliases:
CVE-2024-25978
GHSA-487g-3m3v-hjhq
Uncontrolled Resource Consumption Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.
4.1.9
Affected by 2 other vulnerabilities.
4.2.6
Affected by 1 other vulnerability.
4.3.3
Affected by 1 other vulnerability.
VCID-9rv1-hn65-dbhe
Aliases:
CVE-2023-5540
GHSA-w8x2-w4qr-v3x4
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
3.9.24
Affected by 10 other vulnerabilities.
3.11.17
Affected by 9 other vulnerabilities.
4.0.11
Affected by 9 other vulnerabilities.
4.1.6
Affected by 9 other vulnerabilities.
4.2.3
Affected by 8 other vulnerabilities.
4.3.0-rc2
Affected by 1 other vulnerability.
VCID-a195-b6wc-xkbv
Aliases:
CVE-2023-28330
GHSA-56r9-72vx-q989
Moodle arbitrary file read vulnerability Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
3.9.20
Affected by 23 other vulnerabilities.
3.11.13
Affected by 23 other vulnerabilities.
4.0.7
Affected by 25 other vulnerabilities.
4.1.2
Affected by 26 other vulnerabilities.
VCID-a7n4-f1nk-vqec
Aliases:
CVE-2021-20183
GHSA-xhfx-rm8q-c3xv
3.10.1
Affected by 54 other vulnerabilities.
4.0.0-beta
Affected by 12 other vulnerabilities.
VCID-a8pk-18gr-mubw
Aliases:
CVE-2023-5551
GHSA-jr83-8x65-xcr5
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
3.9.24
Affected by 10 other vulnerabilities.
3.11.17
Affected by 9 other vulnerabilities.
4.0.11
Affected by 9 other vulnerabilities.
4.1.6
Affected by 9 other vulnerabilities.
4.2.3
Affected by 8 other vulnerabilities.
4.3.0-rc2
Affected by 1 other vulnerability.
VCID-a8sa-7ed7-wbby
Aliases:
CVE-2021-32475
GHSA-5wjh-v7c8-wrhx
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
3.5.18
Affected by 49 other vulnerabilities.
3.8.9
Affected by 45 other vulnerabilities.
3.9.7
Affected by 78 other vulnerabilities.
3.10.4
Affected by 42 other vulnerabilities.
VCID-affq-4sqk-p7ad
Aliases:
CVE-2023-28331
GHSA-77jm-f3vj-xvx2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
3.9.20
Affected by 23 other vulnerabilities.
3.11.13
Affected by 23 other vulnerabilities.
4.0.7
Affected by 25 other vulnerabilities.
4.1.2
Affected by 26 other vulnerabilities.
VCID-ajnx-w4at-7fgp
Aliases:
CVE-2021-20187
GHSA-2jrm-gww7-wch2
3.5.16
Affected by 60 other vulnerabilities.
3.8.7
Affected by 60 other vulnerabilities.
3.9.4
Affected by 89 other vulnerabilities.
3.10.1
Affected by 54 other vulnerabilities.
VCID-bake-gya4-m7ex
Aliases:
CVE-2023-5542
GHSA-8mm2-m2gp-c6x2
Moodle Improper Access Control vulnerability Students in "Only see own membership" groups could see other students in the group, which should be hidden.
4.3.0-rc2
Affected by 1 other vulnerability.
VCID-cf2z-a3h4-jkhf
Aliases:
CVE-2022-0333
GHSA-m434-m5pv-p35w
Incorrect Authorization The `calendar:manageentries` capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
3.9.0-beta
Affected by 44 other vulnerabilities.
3.9.11
Affected by 57 other vulnerabilities.
3.9.12
Affected by 54 other vulnerabilities.
3.10.8
Affected by 21 other vulnerabilities.
3.10.9
Affected by 18 other vulnerabilities.
3.11.5
Affected by 56 other vulnerabilities.
VCID-d17g-sacy-nkfw
Aliases:
CVE-2018-10890
GHSA-5w4h-xrr5-7273
Information Exposure A flaw was found in Moodle. It is possible for the `core_course_get_categories` web service to return hidden categories, which should be omitted when fetching course categories.
3.4.4
Affected by 76 other vulnerabilities.
3.5.1
Affected by 96 other vulnerabilities.
VCID-d2au-r7m3-cyc8
Aliases:
CVE-2019-10189
GHSA-h7xp-7fjp-ghhc
3.5.7
Affected by 78 other vulnerabilities.
3.6.5
Affected by 60 other vulnerabilities.
3.7.1
Affected by 71 other vulnerabilities.
VCID-d9xk-d7zc-rbeq
Aliases:
CVE-2018-1136
GHSA-xhfw-wjjc-4j5h
Cross-site Scripting An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
3.4.3
Affected by 79 other vulnerabilities.
VCID-ddhz-2dzr-9yg6
Aliases:
CVE-2021-36403
GHSA-j9cw-5cpj-9qj5
Moodle has a Hidden Functionality vulnerability In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-dhu5-3tda-2qfx
Aliases:
CVE-2021-20186
GHSA-h8m4-h385-qhqv
3.5.16
Affected by 60 other vulnerabilities.
3.8.7
Affected by 60 other vulnerabilities.
3.9.4
Affected by 89 other vulnerabilities.
3.10.1
Affected by 54 other vulnerabilities.
VCID-dxn4-ry85-43dp
Aliases:
CVE-2018-1135
GHSA-vxmv-74rf-vqgp
Information Exposure An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
3.4.3
Affected by 79 other vulnerabilities.
VCID-e52k-bb2k-tbgh
Aliases:
CVE-2021-43558
GHSA-wpfp-q843-v772
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') A URL parameter in the filetype site administrator tool requires extra sanitizing to prevent a reflected XSS risk.
3.8.9
Affected by 45 other vulnerabilities.
3.9.11
Affected by 57 other vulnerabilities.
3.10.8
Affected by 21 other vulnerabilities.
3.11.4
Affected by 60 other vulnerabilities.
VCID-ea8q-937e-37fm
Aliases:
CVE-2021-36402
GHSA-gv8f-43pg-c5qw
Moodle Improper Input Validation vulnerability In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-eb8w-rqef-sqca
Aliases:
CVE-2019-3849
GHSA-5wg9-5w3f-hxmh
Improper Authorization Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
3.4.8
Affected by 67 other vulnerabilities.
3.5.5
Affected by 85 other vulnerabilities.
3.6.3
Affected by 67 other vulnerabilities.
VCID-ehpf-6ra7-syfy
Aliases:
CVE-2018-14630
GHSA-c3pr-h96w-2jjg
Code Injection Moodle is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy `drag and drop into text` (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.
3.4.5
Affected by 74 other vulnerabilities.
3.5.2
Affected by 94 other vulnerabilities.
VCID-eq8q-vrca-xbdb
Aliases:
CVE-2021-40691
GHSA-92vh-mr2w-j2cr
3.9.10
Affected by 61 other vulnerabilities.
3.10.7
Affected by 25 other vulnerabilities.
3.11.3
Affected by 64 other vulnerabilities.
VCID-exk5-1mmz-7kep
Aliases:
CVE-2021-40693
GHSA-2jxg-mv2m-j4r7
3.9.10
Affected by 61 other vulnerabilities.
3.10.7
Affected by 25 other vulnerabilities.
3.11.3
Affected by 64 other vulnerabilities.
VCID-ez7x-sprg-effa
Aliases:
CVE-2018-1133
GHSA-xh2j-q4mc-v522
Injection Vulnerability An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.
3.4.3
Affected by 79 other vulnerabilities.
VCID-fb4d-p8pw-yka4
Aliases:
CVE-2023-5550
GHSA-5cvx-cwpx-9rjh
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
3.9.24
Affected by 10 other vulnerabilities.
3.11.17
Affected by 9 other vulnerabilities.
4.0.11
Affected by 9 other vulnerabilities.
4.1.6
Affected by 9 other vulnerabilities.
4.2.3
Affected by 8 other vulnerabilities.
4.3.0-rc2
Affected by 1 other vulnerability.
VCID-fj1x-be1c-h3c4
Aliases:
CVE-2022-0334
GHSA-93pj-4p65-qmr9
Exposure of Resource to Wrong Sphere Insufficient capability checks could lead to users accessing their grade report for courses where they does not have the required `gradereport/user:view` capability.
3.9.0-beta
Affected by 44 other vulnerabilities.
3.9.11
Affected by 57 other vulnerabilities.
3.9.12
Affected by 54 other vulnerabilities.
3.10.8
Affected by 21 other vulnerabilities.
3.10.9
Affected by 18 other vulnerabilities.
3.11.5
Affected by 56 other vulnerabilities.
VCID-fvkk-381y-1kcb
Aliases:
CVE-2021-43559
GHSA-3jrj-x6cj-97cp
Cross-Site Request Forgery (CSRF) The `delete related badge` functionality does not include the necessary token check to prevent a CSRF risk.
3.8.9
Affected by 45 other vulnerabilities.
3.9.11
Affected by 57 other vulnerabilities.
3.10.8
Affected by 21 other vulnerabilities.
3.11.4
Affected by 60 other vulnerabilities.
VCID-fx3x-sc7h-guhb
Aliases:
CVE-2020-14321
GHSA-9q29-jcjw-fw7h
3.5.13
Affected by 70 other vulnerabilities.
3.7.7
Affected by 60 other vulnerabilities.
3.8.4
Affected by 73 other vulnerabilities.
3.9.1
Affected by 104 other vulnerabilities.
VCID-gqwn-qskg-qbc7
Aliases:
CVE-2023-5548
GHSA-cwh2-q44x-5w3c
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
3.9.24
Affected by 10 other vulnerabilities.
3.11.17
Affected by 9 other vulnerabilities.
4.0.11
Affected by 9 other vulnerabilities.
4.1.6
Affected by 9 other vulnerabilities.
4.2.3
Affected by 8 other vulnerabilities.
4.3.0-rc2
Affected by 1 other vulnerability.
VCID-gt8k-6dg8-qqa8
Aliases:
CVE-2018-1137
GHSA-vxqh-mx28-7ghw
Improper Input Validation An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
3.4.3
Affected by 79 other vulnerabilities.
VCID-gtpy-dhmm-mufn
Aliases:
CVE-2018-16854
GHSA-xj5f-qv37-r9jc
Cross-Site Request Forgery (CSRF) The login form is not protected by a token to prevent login cross-site request forgery.
3.4.6
Affected by 73 other vulnerabilities.
3.5.3
Affected by 93 other vulnerabilities.
VCID-hurp-xp2w-wbcp
Aliases:
CVE-2019-3810
GHSA-wm4w-8vc6-2j4h
Information Exposure The `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.
3.4.6
Affected by 73 other vulnerabilities.
3.4.7
Affected by 71 other vulnerabilities.
3.5.3
Affected by 93 other vulnerabilities.
3.5.4
Affected by 90 other vulnerabilities.
3.6.1
Affected by 75 other vulnerabilities.
3.6.2
Affected by 73 other vulnerabilities.
VCID-jc4y-cpn8-6kgs
Aliases:
CVE-2023-35132
GHSA-49mv-vfcp-8gg9
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
3.9.22
Affected by 20 other vulnerabilities.
3.11.15
Affected by 19 other vulnerabilities.
4.0.9
Affected by 21 other vulnerabilities.
4.1.4
Affected by 21 other vulnerabilities.
4.2.1
Affected by 20 other vulnerabilities.
VCID-k249-a5wk-2fcs
Aliases:
CVE-2019-10186
GHSA-wv9c-pfpm-4wc5
3.5.7
Affected by 78 other vulnerabilities.
3.6.5
Affected by 60 other vulnerabilities.
3.7.1
Affected by 71 other vulnerabilities.
VCID-k72d-w9wa-m7b5
Aliases:
CVE-2018-1134
GHSA-xjx9-7c29-pwmm
Improper Privilege Management An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
3.4.3
Affected by 79 other vulnerabilities.
VCID-kys8-9mu7-w7dn
Aliases:
CVE-2019-18210
GHSA-q6vw-27c6-jv9c
3.7.3
Affected by 65 other vulnerabilities.
VCID-mkuq-tdbg-t3ce
Aliases:
CVE-2022-0335
GHSA-xpfv-89vg-r562
Cross-Site Request Forgery (CSRF) The `delete badge alignment` functionality does not include the necessary token check to prevent a CSRF risk.
3.9.0-beta
Affected by 44 other vulnerabilities.
3.9.11
Affected by 57 other vulnerabilities.
3.9.12
Affected by 54 other vulnerabilities.
3.10.8
Affected by 21 other vulnerabilities.
3.10.9
Affected by 18 other vulnerabilities.
3.11.5
Affected by 56 other vulnerabilities.
VCID-nbpz-vdd1-w3ae
Aliases:
CVE-2019-3847
GHSA-qrcj-6fjw-3h9h
Improper Input Validation Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.
3.4.8
Affected by 67 other vulnerabilities.
3.5.5
Affected by 85 other vulnerabilities.
3.6.3
Affected by 67 other vulnerabilities.
VCID-nh3b-9waz-rfe5
Aliases:
CVE-2022-40208
GHSA-948f-j464-rfj2
Moodle may allow students to bypass sequential navigation during a quiz attempt In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.
3.9.16
Affected by 40 other vulnerabilities.
3.11.9
Affected by 41 other vulnerabilities.
4.0.3
Affected by 44 other vulnerabilities.
VCID-nr96-4dtm-kbf9
Aliases:
CVE-2023-28334
GHSA-hh52-g5c4-wprh
Moodle may allow authenticated users to enumerate other user's names via learning plans page Authenticated users were able to enumerate other users' names via the learning plans page.
3.9.20
Affected by 23 other vulnerabilities.
3.11.13
Affected by 23 other vulnerabilities.
4.0.7
Affected by 25 other vulnerabilities.
4.1.2
Affected by 26 other vulnerabilities.
VCID-p9vn-r312-1beg
Aliases:
CVE-2023-5549
GHSA-fm5h-58g2-4m3f
Moodle Improper Access Control vulnerability Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they does not have the capability to manage.
3.9.24
Affected by 10 other vulnerabilities.
3.11.17
Affected by 9 other vulnerabilities.
4.0.11
Affected by 9 other vulnerabilities.
4.1.6
Affected by 9 other vulnerabilities.
4.2.3
Affected by 8 other vulnerabilities.
4.3.0-rc2
Affected by 1 other vulnerability.
VCID-q6jz-y9dj-27gp
Aliases:
CVE-2021-36396
GHSA-4rmj-w58m-fvch
Moodle vulnerable to Server-Side Request Forgery In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-qfmd-5exc-c3f3
Aliases:
CVE-2019-10134
GHSA-j8wr-7xxj-c2fr
Improper Input Validation The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.
3.4.9
Affected by 65 other vulnerabilities.
3.5.6
Affected by 83 other vulnerabilities.
3.6.4
Affected by 64 other vulnerabilities.
VCID-qnn9-5vhh-nkd8
Aliases:
CVE-2019-3848
GHSA-45rw-4r25-jvg7
Information Exposure Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events.
3.4.8
Affected by 67 other vulnerabilities.
3.5.5
Affected by 85 other vulnerabilities.
3.6.3
Affected by 67 other vulnerabilities.
VCID-qp5w-2ee9-dkfy
Aliases:
CVE-2021-36397
GHSA-2wmj-8mqg-r9q8
Moodle has Incorrect Default Permissions In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-qpm9-vvpu-b7dd
Aliases:
CVE-2024-25979
GHSA-6vjf-48fh-vxxj
Improper Handling of Parameters in moodle The URL parameters accepted by forum search were not limited to the allowed parameters.
4.1.9
Affected by 2 other vulnerabilities.
4.2.6
Affected by 1 other vulnerability.
4.3.3
Affected by 1 other vulnerability.
VCID-r6s9-x771-yka8
Aliases:
CVE-2024-25980
GHSA-cp8m-h777-g4p3
Improper Access Control in moodle Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
4.1.9
Affected by 2 other vulnerabilities.
4.2.6
Affected by 1 other vulnerability.
4.3.3
Affected by 1 other vulnerability.
VCID-s8ph-ghzm-q7c5
Aliases:
CVE-2019-10187
GHSA-2mg9-hv69-897x
3.5.7
Affected by 78 other vulnerabilities.
3.6.5
Affected by 60 other vulnerabilities.
3.7.1
Affected by 71 other vulnerabilities.
VCID-svds-tck8-rqce
Aliases:
CVE-2021-32478
GHSA-78fm-qhh8-8858
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
3.8.9
Affected by 45 other vulnerabilities.
3.9.7
Affected by 78 other vulnerabilities.
3.10.4
Affected by 42 other vulnerabilities.
VCID-thj1-tjk1-vffu
Aliases:
CVE-2024-25983
GHSA-9r26-5w88-qhp9
Authorization Bypass in moodle Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
4.1.9
Affected by 2 other vulnerabilities.
4.2.6
Affected by 1 other vulnerability.
4.3.3
Affected by 1 other vulnerability.
VCID-u843-6ku8-6bh7
Aliases:
CVE-2018-10891
GHSA-p7v9-gjrh-563x
Injection Vulnerability When a quiz question bank is imported, it is possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
3.4.4
Affected by 76 other vulnerabilities.
3.5.1
Affected by 96 other vulnerabilities.
VCID-useh-xm73-zub8
Aliases:
CVE-2018-14631
GHSA-gqrp-qhv8-phrv
Cross-site Scripting Moodle is vulnerable to a boost theme; the `blog` search GET parameter is insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the `search` parameter.
3.4.5
Affected by 74 other vulnerabilities.
3.5.2
Affected by 94 other vulnerabilities.
VCID-v54f-39qq-qbgr
Aliases:
CVE-2021-36395
GHSA-273w-7fxj-pcp6
Moodle vulnerable to Uncontrolled Resource Consumption In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-v9pe-asg8-37hv
Aliases:
CVE-2023-28336
GHSA-prjm-2fj2-787f
Moodle may allow teachers to access the names of users they could not otherwise access Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
3.9.20
Affected by 23 other vulnerabilities.
3.11.13
Affected by 23 other vulnerabilities.
4.0.7
Affected by 25 other vulnerabilities.
4.1.2
Affected by 26 other vulnerabilities.
VCID-vgwe-53vc-m7gn
Aliases:
CVE-2021-40694
GHSA-m37g-mwcg-7j7v
3.9.10
Affected by 61 other vulnerabilities.
3.10.7
Affected by 25 other vulnerabilities.
3.11.3
Affected by 64 other vulnerabilities.
VCID-vvn1-xus3-qbg2
Aliases:
CVE-2024-25981
GHSA-jfrg-9hpq-9hvp
Improper Access Control in moodle Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
4.1.9
Affected by 2 other vulnerabilities.
4.2.6
Affected by 1 other vulnerability.
4.3.3
Affected by 1 other vulnerability.
VCID-wc31-v1d5-jydh
Aliases:
CVE-2021-43560
GHSA-g39c-mccf-rxjv
Exposure of Resource to Wrong Sphere Insufficient capability checks made it possible to fetch other users' calendar action events.
3.8.9
Affected by 45 other vulnerabilities.
3.9.11
Affected by 57 other vulnerabilities.
3.10.8
Affected by 21 other vulnerabilities.
3.11.4
Affected by 60 other vulnerabilities.
VCID-x2e5-m5rs-7qfr
Aliases:
CVE-2019-10133
GHSA-5xp2-rv4h-mm2q
URL Redirection to Untrusted Site (Open Redirect) The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
3.4.9
Affected by 65 other vulnerabilities.
3.5.6
Affected by 83 other vulnerabilities.
3.6.4
Affected by 64 other vulnerabilities.
VCID-x3gw-ztjq-ebbu
Aliases:
CVE-2020-1692
GHSA-9328-7pcw-vw69
3.7.2
Affected by 69 other vulnerabilities.
VCID-xktx-amv6-gbh2
Aliases:
CVE-2019-3850
GHSA-3fj7-9j8m-7r8g
URL Redirection to Untrusted Site (Open Redirect) Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.
3.4.8
Affected by 67 other vulnerabilities.
3.5.5
Affected by 85 other vulnerabilities.
3.6.3
Affected by 67 other vulnerabilities.
VCID-xshn-mgvc-xyf9
Aliases:
CVE-2021-36399
GHSA-79jp-m64f-pgrc
Moodle Cross-site Scripting vulnerability In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
3.9.8
Affected by 66 other vulnerabilities.
3.10.5
Affected by 30 other vulnerabilities.
3.11.1
Affected by 69 other vulnerabilities.
VCID-y219-hufv-tkds
Aliases:
CVE-2019-10188
GHSA-92q5-2h76-vgmj
3.5.7
Affected by 78 other vulnerabilities.
3.6.5
Affected by 60 other vulnerabilities.
3.7.1
Affected by 71 other vulnerabilities.
VCID-ybpa-c7eh-syam
Aliases:
CVE-2024-25982
GHSA-7pjp-fm93-p6pj
Cross-Site Request Forgery in moodle The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.
4.1.9
Affected by 2 other vulnerabilities.
4.2.6
Affected by 1 other vulnerability.
4.3.3
Affected by 1 other vulnerability.
VCID-yq9c-xav3-e3bv
Aliases:
CVE-2018-10889
GHSA-wmvq-q9h8-7j4g
Inclusion of Sensitive Information in Log Files A flaw was found in Moodle. No option exists to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.
3.4.4
Affected by 76 other vulnerabilities.
3.5.1
Affected by 96 other vulnerabilities.
VCID-yyb2-961k-qyet
Aliases:
CVE-2022-0985
GHSA-6q9g-3vfq-q2qj
Improper Authentication Insufficient capability checks could allow users with the `moodle/site:uploadusers` capability to delete users, without having the necessary `moodle/user:delete` capability.
3.9.13
Affected by 51 other vulnerabilities.
3.10.10
Affected by 14 other vulnerabilities.
3.11.6
Affected by 53 other vulnerabilities.
VCID-zn3y-sq7h-83h9
Aliases:
CVE-2021-32474
GHSA-rvmc-8gmg-ggqr
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
3.5.18
Affected by 49 other vulnerabilities.
3.8.9
Affected by 45 other vulnerabilities.
3.9.7
Affected by 78 other vulnerabilities.
3.10.4
Affected by 42 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-jrf4-ua1a-cfcr Improper Access Control Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. CVE-2018-1081
GHSA-v9xq-vh72-chr4
VCID-vx5n-esff-fqew Improper Authentication A flaw was found in Moodle. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site. CVE-2018-1082
GHSA-qh8m-6g4p-33h3

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T07:56:40.750951+00:00 GitLab Importer Affected by VCID-2k9q-b84j-ryef https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-28593.yml 38.6.0
2026-06-01T07:56:28.401171+00:00 GitLab Importer Affected by VCID-7zmr-qupd-4fg6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-29374.yml 38.6.0
2026-06-01T07:52:22.514614+00:00 GitLab Importer Affected by VCID-qpm9-vvpu-b7dd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-25979.yml 38.6.0
2026-06-01T07:52:20.575361+00:00 GitLab Importer Affected by VCID-ybpa-c7eh-syam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-25982.yml 38.6.0
2026-06-01T07:52:17.390569+00:00 GitLab Importer Affected by VCID-vvn1-xus3-qbg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-25981.yml 38.6.0
2026-06-01T07:52:15.447342+00:00 GitLab Importer Affected by VCID-r6s9-x771-yka8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-25980.yml 38.6.0
2026-06-01T07:52:13.481783+00:00 GitLab Importer Affected by VCID-9cbt-2fg9-pyd7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-25978.yml 38.6.0
2026-06-01T07:52:11.554467+00:00 GitLab Importer Affected by VCID-thj1-tjk1-vffu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-25983.yml 38.6.0
2026-06-01T07:51:39.984159+00:00 GitLab Importer Affected by VCID-5dx5-3bx2-s3fs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2024-1439.yml 38.6.0
2026-06-01T07:41:59.414407+00:00 GitLab Importer Affected by VCID-bake-gya4-m7ex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-5542.yml 38.6.0
2026-06-01T07:41:58.156574+00:00 GitLab Importer Affected by VCID-9rv1-hn65-dbhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-5540.yml 38.6.0
2026-06-01T07:41:57.229448+00:00 GitLab Importer Affected by VCID-a8pk-18gr-mubw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-5551.yml 38.6.0
2026-06-01T07:41:55.806560+00:00 GitLab Importer Affected by VCID-gqwn-qskg-qbc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-5548.yml 38.6.0
2026-06-01T07:41:54.884713+00:00 GitLab Importer Affected by VCID-57pd-ath8-1yf9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-5539.yml 38.6.0
2026-06-01T07:41:53.408088+00:00 GitLab Importer Affected by VCID-p9vn-r312-1beg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-5549.yml 38.6.0
2026-06-01T07:41:52.490221+00:00 GitLab Importer Affected by VCID-3pgc-yptg-tuaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-5545.yml 38.6.0
2026-06-01T07:41:51.366725+00:00 GitLab Importer Affected by VCID-fb4d-p8pw-yka4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-5550.yml 38.6.0
2026-06-01T07:30:27.851380+00:00 GitLab Importer Affected by VCID-4k5r-agwn-ruea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-35133.yml 38.6.0
2026-06-01T07:30:20.606108+00:00 GitLab Importer Affected by VCID-jc4y-cpn8-6kgs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-35132.yml 38.6.0
2026-06-01T07:21:47.081400+00:00 GitLab Importer Affected by VCID-nh3b-9waz-rfe5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2022-40208.yml 38.6.0
2026-06-01T07:21:25.538146+00:00 GitLab Importer Affected by VCID-5gh4-58jt-dfet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-1402.yml 38.6.0
2026-06-01T07:21:22.872251+00:00 GitLab Importer Affected by VCID-nr96-4dtm-kbf9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28334.yml 38.6.0
2026-06-01T07:21:19.863631+00:00 GitLab Importer Affected by VCID-v9pe-asg8-37hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28336.yml 38.6.0
2026-06-01T07:21:17.797138+00:00 GitLab Importer Affected by VCID-1vxe-caqu-kqab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28332.yml 38.6.0
2026-06-01T07:21:16.139278+00:00 GitLab Importer Affected by VCID-97gg-fuah-jqcq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28329.yml 38.6.0
2026-06-01T07:21:14.245988+00:00 GitLab Importer Affected by VCID-affq-4sqk-p7ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28331.yml 38.6.0
2026-06-01T07:21:12.669632+00:00 GitLab Importer Affected by VCID-a195-b6wc-xkbv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28330.yml 38.6.0
2026-06-01T07:20:16.315898+00:00 GitLab Importer Affected by VCID-xshn-mgvc-xyf9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36399.yml 38.6.0
2026-06-01T07:20:08.573803+00:00 GitLab Importer Affected by VCID-1ptb-sx63-tkc1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36401.yml 38.6.0
2026-06-01T07:20:06.998602+00:00 GitLab Importer Affected by VCID-1ss5-fhjw-sfer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36400.yml 38.6.0
2026-06-01T07:20:05.520532+00:00 GitLab Importer Affected by VCID-q6jz-y9dj-27gp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36396.yml 38.6.0
2026-06-01T07:20:04.049101+00:00 GitLab Importer Affected by VCID-qp5w-2ee9-dkfy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36397.yml 38.6.0
2026-06-01T07:19:59.518744+00:00 GitLab Importer Affected by VCID-v54f-39qq-qbgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36395.yml 38.6.0
2026-06-01T07:19:58.050911+00:00 GitLab Importer Affected by VCID-5fmt-yw7g-rkf2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36392.yml 38.6.0
2026-06-01T07:19:55.904328+00:00 GitLab Importer Affected by VCID-ea8q-937e-37fm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36402.yml 38.6.0
2026-06-01T07:19:53.396974+00:00 GitLab Importer Affected by VCID-ddhz-2dzr-9yg6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36403.yml 38.6.0
2026-06-01T07:19:51.910610+00:00 GitLab Importer Affected by VCID-75sn-ew8w-f7a6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36394.yml 38.6.0
2026-06-01T07:19:49.496850+00:00 GitLab Importer Affected by VCID-6fhq-4w4f-dqcf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-36393.yml 38.6.0
2026-06-01T07:05:51.318995+00:00 GitLab Importer Affected by VCID-vgwe-53vc-m7gn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-40694.yml 38.6.0
2026-06-01T07:05:49.351526+00:00 GitLab Importer Affected by VCID-eq8q-vrca-xbdb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-40691.yml 38.6.0
2026-06-01T07:05:47.793129+00:00 GitLab Importer Affected by VCID-exk5-1mmz-7kep https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-40693.yml 38.6.0
2026-06-01T07:00:40.393020+00:00 GitLab Importer Affected by VCID-fx3x-sc7h-guhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2020-14321.yml 38.6.0
2026-06-01T06:36:59.939442+00:00 GitLab Importer Affected by VCID-yyb2-961k-qyet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2022-0985.yml 38.6.0
2026-06-01T06:32:40.629188+00:00 GitLab Importer Affected by VCID-2et6-3ejg-27b8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-32473.yml 38.6.0
2026-06-01T06:32:39.376597+00:00 GitLab Importer Affected by VCID-zn3y-sq7h-83h9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-32474.yml 38.6.0
2026-06-01T06:32:37.515004+00:00 GitLab Importer Affected by VCID-svds-tck8-rqce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-32478.yml 38.6.0
2026-06-01T06:32:33.501766+00:00 GitLab Importer Affected by VCID-6x4n-my8x-sbfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-32476.yml 38.6.0
2026-06-01T06:32:31.584638+00:00 GitLab Importer Affected by VCID-a8sa-7ed7-wbby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-32475.yml 38.6.0
2026-06-01T06:27:09.606214+00:00 GitLab Importer Affected by VCID-mkuq-tdbg-t3ce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2022-0335.yml 38.6.0
2026-06-01T06:27:08.131956+00:00 GitLab Importer Affected by VCID-cf2z-a3h4-jkhf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2022-0333.yml 38.6.0
2026-06-01T06:27:06.312840+00:00 GitLab Importer Affected by VCID-fj1x-be1c-h3c4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2022-0334.yml 38.6.0
2026-06-01T06:22:50.419144+00:00 GitLab Importer Affected by VCID-wc31-v1d5-jydh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-43560.yml 38.6.0
2026-06-01T06:22:48.033871+00:00 GitLab Importer Affected by VCID-e52k-bb2k-tbgh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-43558.yml 38.6.0
2026-06-01T06:22:46.547945+00:00 GitLab Importer Affected by VCID-fvkk-381y-1kcb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-43559.yml 38.6.0
2026-06-01T06:01:39.281142+00:00 GitLab Importer Affected by VCID-4s7h-83dq-aua7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-20184.yml 38.6.0
2026-06-01T06:01:34.859683+00:00 GitLab Importer Affected by VCID-ajnx-w4at-7fgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-20187.yml 38.6.0
2026-06-01T06:01:33.499291+00:00 GitLab Importer Affected by VCID-a7n4-f1nk-vqec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-20183.yml 38.6.0
2026-06-01T06:01:29.724300+00:00 GitLab Importer Affected by VCID-dhu5-3tda-2qfx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2021-20186.yml 38.6.0
2026-05-31T11:33:37.837452+00:00 GithubOSV Importer Fixing VCID-jrf4-ua1a-cfcr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v9xq-vh72-chr4/GHSA-v9xq-vh72-chr4.json 38.6.0
2026-05-31T11:26:24.171551+00:00 GithubOSV Importer Fixing VCID-vx5n-esff-fqew https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qh8m-6g4p-33h3/GHSA-qh8m-6g4p-33h3.json 38.6.0
2026-05-31T10:02:50.982140+00:00 GitLab Importer Affected by VCID-x3gw-ztjq-ebbu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2020-1692.yml 38.6.0
2026-05-31T10:02:37.075524+00:00 GitLab Importer Affected by VCID-kys8-9mu7-w7dn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-18210.yml 38.6.0
2026-05-31T09:58:26.392401+00:00 GitLab Importer Affected by VCID-s8ph-ghzm-q7c5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-10187.yml 38.6.0
2026-05-31T09:58:25.631664+00:00 GitLab Importer Affected by VCID-d2au-r7m3-cyc8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-10189.yml 38.6.0
2026-05-31T09:58:24.868201+00:00 GitLab Importer Affected by VCID-k249-a5wk-2fcs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-10186.yml 38.6.0
2026-05-31T09:58:24.102734+00:00 GitLab Importer Affected by VCID-y219-hufv-tkds https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-10188.yml 38.6.0
2026-05-31T09:57:44.033768+00:00 GitLab Importer Affected by VCID-qfmd-5exc-c3f3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-10134.yml 38.6.0
2026-05-31T09:57:43.782266+00:00 GitLab Importer Affected by VCID-3r3j-bqzm-5ufz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-10154.yml 38.6.0
2026-05-31T09:57:42.378956+00:00 GitLab Importer Affected by VCID-x2e5-m5rs-7qfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-10133.yml 38.6.0
2026-05-31T09:55:05.827229+00:00 GitLab Importer Affected by VCID-nbpz-vdd1-w3ae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3847.yml 38.6.0
2026-05-31T09:55:02.298863+00:00 GitLab Importer Affected by VCID-qnn9-5vhh-nkd8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3848.yml 38.6.0
2026-05-31T09:55:01.715942+00:00 GitLab Importer Affected by VCID-xktx-amv6-gbh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3850.yml 38.6.0
2026-05-31T09:55:00.988550+00:00 GitLab Importer Affected by VCID-eb8w-rqef-sqca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3849.yml 38.6.0
2026-05-31T09:54:59.276199+00:00 GitLab Importer Affected by VCID-2avg-qvn9-bkdn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3808.yml 38.6.0
2026-05-31T09:54:58.008147+00:00 GitLab Importer Affected by VCID-hurp-xp2w-wbcp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3810.yml 38.6.0
2026-05-31T09:52:09.970247+00:00 GitLab Importer Affected by VCID-gtpy-dhmm-mufn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-16854.yml 38.6.0
2026-05-31T09:49:30.172171+00:00 GitLab Importer Affected by VCID-ehpf-6ra7-syfy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-14630.yml 38.6.0
2026-05-31T09:49:29.667438+00:00 GitLab Importer Affected by VCID-useh-xm73-zub8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-14631.yml 38.6.0
2026-05-31T09:47:52.603432+00:00 GitLab Importer Affected by VCID-d17g-sacy-nkfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-10890.yml 38.6.0
2026-05-31T09:47:52.383099+00:00 GitLab Importer Affected by VCID-yq9c-xav3-e3bv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-10889.yml 38.6.0
2026-05-31T09:47:51.331456+00:00 GitLab Importer Affected by VCID-u843-6ku8-6bh7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-10891.yml 38.6.0
2026-05-31T00:57:39.523039+00:00 GHSA Importer Fixing VCID-vx5n-esff-fqew https://github.com/advisories/GHSA-qh8m-6g4p-33h3 38.6.0
2026-05-31T00:57:21.663864+00:00 GHSA Importer Fixing VCID-jrf4-ua1a-cfcr https://github.com/advisories/GHSA-v9xq-vh72-chr4 38.6.0
2026-05-30T20:53:37.613662+00:00 GitLab Importer Affected by VCID-dxn4-ry85-43dp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1135.yml 38.6.0
2026-05-30T20:53:37.472256+00:00 GitLab Importer Affected by VCID-d9xk-d7zc-rbeq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1136.yml 38.6.0
2026-05-30T20:53:37.329666+00:00 GitLab Importer Affected by VCID-k72d-w9wa-m7b5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1134.yml 38.6.0
2026-05-30T20:53:37.187033+00:00 GitLab Importer Affected by VCID-ez7x-sprg-effa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1133.yml 38.6.0
2026-05-30T20:53:37.027956+00:00 GitLab Importer Affected by VCID-gt8k-6dg8-qqa8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1137.yml 38.6.0
2026-05-30T20:53:32.136907+00:00 GitLab Importer Fixing VCID-vx5n-esff-fqew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1082.yml 38.6.0
2026-05-30T20:53:32.076050+00:00 GitLab Importer Fixing VCID-jrf4-ua1a-cfcr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1081.yml 38.6.0