Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/79983?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.9.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.9.13", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41756?format=api", "vulnerability_id": "VCID-164m-humk-1fe3", "summary": "Exposure of Resource to Wrong Sphere\nInsufficient capability checks made it possible to fetch other users' calendar action events.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36386", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36293", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43560" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021519", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021519" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=429100", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=429100" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43560", "reference_id": "CVE-2021-43560", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43560" }, { "reference_url": "https://github.com/advisories/GHSA-g39c-mccf-rxjv", "reference_id": "GHSA-g39c-mccf-rxjv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g39c-mccf-rxjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59620?format=api", "purl": "pkg:composer/moodle/moodle@3.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59621?format=api", "purl": "pkg:composer/moodle/moodle@3.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/59622?format=api", "purl": "pkg:composer/moodle/moodle@3.11.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-9uem-p6k3-nqdb" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4" } ], "aliases": [ "CVE-2021-43560", "GHSA-g39c-mccf-rxjv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-164m-humk-1fe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43038?format=api", "vulnerability_id": "VCID-1kfj-2zwf-vbfp", "summary": "Incorrect Authorization\nUsers with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39982", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40064", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064118", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064118" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064125", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064125" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/cdc78a16a5da95a17fb10bf1c66689237f5a3f7d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/cdc78a16a5da95a17fb10bf1c66689237f5a3f7d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0984", "reference_id": "CVE-2022-0984", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0984" }, { "reference_url": "https://github.com/advisories/GHSA-c5hf-mc85-2hx4", "reference_id": "GHSA-c5hf-mc85-2hx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c5hf-mc85-2hx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61089?format=api", "purl": "pkg:composer/moodle/moodle@3.9.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/61090?format=api", "purl": "pkg:composer/moodle/moodle@3.10.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/61091?format=api", "purl": "pkg:composer/moodle/moodle@3.11.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.6" } ], "aliases": [ "CVE-2022-0984", "GHSA-c5hf-mc85-2hx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kfj-2zwf-vbfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43036?format=api", "vulnerability_id": "VCID-233t-s5y8-4yg5", "summary": "Improper Authentication\nInsufficient capability checks could allow users with the `moodle/site:uploadusers` capability to delete users, without having the necessary `moodle/user:delete` capability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40064", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39982", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0985" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064117", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064117" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/addd4f894d8173ec8ff0ae2212d51a1977e7bcad", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/addd4f894d8173ec8ff0ae2212d51a1977e7bcad" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0985", "reference_id": "CVE-2022-0985", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0985" }, { "reference_url": "https://github.com/advisories/GHSA-6q9g-3vfq-q2qj", "reference_id": "GHSA-6q9g-3vfq-q2qj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6q9g-3vfq-q2qj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61089?format=api", "purl": "pkg:composer/moodle/moodle@3.9.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/61090?format=api", "purl": "pkg:composer/moodle/moodle@3.10.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/61091?format=api", "purl": "pkg:composer/moodle/moodle@3.11.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.6" } ], "aliases": [ "CVE-2022-0985", "GHSA-6q9g-3vfq-q2qj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-233t-s5y8-4yg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42617?format=api", "vulnerability_id": "VCID-2cdg-m3pq-ufe5", "summary": "Uncontrolled Resource Consumption\nA denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.7182", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.7186", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32476" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=422310", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=422310" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32476", "reference_id": "CVE-2021-32476", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32476" }, { "reference_url": "https://github.com/advisories/GHSA-4qxc-qxrp-33cw", "reference_id": "GHSA-4qxc-qxrp-33cw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qxc-qxrp-33cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60942?format=api", "purl": "pkg:composer/moodle/moodle@3.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/60943?format=api", "purl": "pkg:composer/moodle/moodle@3.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4" } ], "aliases": [ "CVE-2021-32476", "GHSA-4qxc-qxrp-33cw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2cdg-m3pq-ufe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42618?format=api", "vulnerability_id": "VCID-2jta-hqah-d7cf", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nTeachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53471", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53531", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32472" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=422305", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=422305" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32472", "reference_id": "CVE-2021-32472", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32472" }, { "reference_url": "https://github.com/advisories/GHSA-454r-jccq-96q8", "reference_id": "GHSA-454r-jccq-96q8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-454r-jccq-96q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60942?format=api", "purl": "pkg:composer/moodle/moodle@3.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/60943?format=api", "purl": "pkg:composer/moodle/moodle@3.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4" } ], "aliases": [ "CVE-2021-32472", "GHSA-454r-jccq-96q8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jta-hqah-d7cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42179?format=api", "vulnerability_id": "VCID-57wg-wxss-jbaw", "summary": "Incorrect Authorization\nThe `calendar:manageentries` capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48484", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48421", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043663", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043663" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/2ee27313cea0d7073f5a6a35eccdfddcb3a9adad", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/2ee27313cea0d7073f5a6a35eccdfddcb3a9adad" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=431100", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=431100" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0333", "reference_id": "CVE-2022-0333", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0333" }, { "reference_url": "https://github.com/advisories/GHSA-m434-m5pv-p35w", "reference_id": "GHSA-m434-m5pv-p35w", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m434-m5pv-p35w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59620?format=api", "purl": "pkg:composer/moodle/moodle@3.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/60269?format=api", "purl": "pkg:composer/moodle/moodle@3.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/59621?format=api", "purl": "pkg:composer/moodle/moodle@3.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/60270?format=api", "purl": "pkg:composer/moodle/moodle@3.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-95f1-6g3r-rkg4" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/60265?format=api", "purl": "pkg:composer/moodle/moodle@3.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5" } ], "aliases": [ "CVE-2022-0333", "GHSA-m434-m5pv-p35w" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57wg-wxss-jbaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42626?format=api", "vulnerability_id": "VCID-bju3-sj3y-83e3", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nIt was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56199", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56254", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32473" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=422307", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=422307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32473", "reference_id": "CVE-2021-32473", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32473" }, { "reference_url": "https://github.com/advisories/GHSA-wx87-h539-4775", "reference_id": "GHSA-wx87-h539-4775", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wx87-h539-4775" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60942?format=api", "purl": "pkg:composer/moodle/moodle@3.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/60943?format=api", "purl": "pkg:composer/moodle/moodle@3.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4" } ], "aliases": [ "CVE-2021-32473", "GHSA-wx87-h539-4775" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bju3-sj3y-83e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42625?format=api", "vulnerability_id": "VCID-cs5n-4bst-zfcj", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nAn SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01035", "scoring_system": "epss", "scoring_elements": "0.77722", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01035", "scoring_system": "epss", "scoring_elements": "0.77749", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32474" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=422308", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=422308" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32474", "reference_id": "CVE-2021-32474", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32474" }, { "reference_url": "https://github.com/advisories/GHSA-rvmc-8gmg-ggqr", "reference_id": "GHSA-rvmc-8gmg-ggqr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvmc-8gmg-ggqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60942?format=api", "purl": "pkg:composer/moodle/moodle@3.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/60943?format=api", "purl": "pkg:composer/moodle/moodle@3.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4" } ], "aliases": [ "CVE-2021-32474", "GHSA-rvmc-8gmg-ggqr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs5n-4bst-zfcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42615?format=api", "vulnerability_id": "VCID-efq2-s2df-pqa1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60875", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60924", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32475" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=422309", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=422309" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32475", "reference_id": "CVE-2021-32475", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32475" }, { "reference_url": "https://github.com/advisories/GHSA-5wjh-v7c8-wrhx", "reference_id": "GHSA-5wjh-v7c8-wrhx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5wjh-v7c8-wrhx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60942?format=api", "purl": "pkg:composer/moodle/moodle@3.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/60943?format=api", "purl": "pkg:composer/moodle/moodle@3.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4" } ], "aliases": [ "CVE-2021-32475", "GHSA-5wjh-v7c8-wrhx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efq2-s2df-pqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42176?format=api", "vulnerability_id": "VCID-hk13-uc46-87h1", "summary": "Exposure of Resource to Wrong Sphere\nInsufficient capability checks could lead to users accessing their grade report for courses where they does not have the required `gradereport/user:view` capability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0334", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35057", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35152", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0334" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043664", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043664" }, { "reference_url": "https://github.com/moodle/moodle/commit/1964d68f8500ea3c7b776fa8a2af6266ed109f84", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/1964d68f8500ea3c7b776fa8a2af6266ed109f84" }, { "reference_url": "https://github.com/moodle/moodle/commit/6d18f136ae88ec97e351a723df570816a959ec68", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/6d18f136ae88ec97e351a723df570816a959ec68" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=431102", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=431102" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0334", "reference_id": "CVE-2022-0334", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0334" }, { "reference_url": "https://github.com/advisories/GHSA-93pj-4p65-qmr9", "reference_id": "GHSA-93pj-4p65-qmr9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93pj-4p65-qmr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59620?format=api", "purl": "pkg:composer/moodle/moodle@3.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/60269?format=api", "purl": "pkg:composer/moodle/moodle@3.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/59621?format=api", "purl": "pkg:composer/moodle/moodle@3.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/60270?format=api", "purl": "pkg:composer/moodle/moodle@3.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-95f1-6g3r-rkg4" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/60265?format=api", "purl": "pkg:composer/moodle/moodle@3.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5" } ], "aliases": [ "CVE-2022-0334", "GHSA-93pj-4p65-qmr9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hk13-uc46-87h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42624?format=api", "vulnerability_id": "VCID-n7d3-j3jn-rqfc", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03402", "scoring_system": "epss", "scoring_elements": "0.87638", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03402", "scoring_system": "epss", "scoring_elements": "0.87659", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32478" }, { "reference_url": "https://github.com/moodle/moodle/commit/752ad3d8eb4f9ac22dbf1461aa69d6e0baee503e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/752ad3d8eb4f9ac22dbf1461aa69d6e0baee503e" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=422314", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=422314" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32478", "reference_id": "CVE-2021-32478", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32478" }, { "reference_url": "https://github.com/advisories/GHSA-78fm-qhh8-8858", "reference_id": "GHSA-78fm-qhh8-8858", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-78fm-qhh8-8858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60942?format=api", "purl": "pkg:composer/moodle/moodle@3.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/60943?format=api", "purl": "pkg:composer/moodle/moodle@3.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-wnaz-fnev-qqhd" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4" } ], "aliases": [ "CVE-2021-32478", "GHSA-78fm-qhh8-8858" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7d3-j3jn-rqfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41753?format=api", "vulnerability_id": "VCID-p3ge-1cqt-tufw", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA URL parameter in the filetype site administrator tool requires extra sanitizing to prevent a reflected XSS risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36588", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36494", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43558" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021515", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021515" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=429097", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=429097" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43558", "reference_id": "CVE-2021-43558", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43558" }, { "reference_url": "https://github.com/advisories/GHSA-wpfp-q843-v772", "reference_id": "GHSA-wpfp-q843-v772", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpfp-q843-v772" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59620?format=api", "purl": "pkg:composer/moodle/moodle@3.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59621?format=api", "purl": "pkg:composer/moodle/moodle@3.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/59622?format=api", "purl": "pkg:composer/moodle/moodle@3.11.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-9uem-p6k3-nqdb" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4" } ], "aliases": [ "CVE-2021-43558", "GHSA-wpfp-q843-v772" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3ge-1cqt-tufw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42180?format=api", "vulnerability_id": "VCID-qfvz-hf8h-8bb3", "summary": "Cross-Site Request Forgery (CSRF)\nThe `delete badge alignment` functionality does not include the necessary token check to prevent a CSRF risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28868", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0335" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043666", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043666" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/d40cc61eba229c6d1f47b9a525022fbc9136b9f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/d40cc61eba229c6d1f47b9a525022fbc9136b9f6" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=431103", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=431103" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0335", "reference_id": "CVE-2022-0335", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0335" }, { "reference_url": "https://github.com/advisories/GHSA-xpfv-89vg-r562", "reference_id": "GHSA-xpfv-89vg-r562", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpfv-89vg-r562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59620?format=api", "purl": "pkg:composer/moodle/moodle@3.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/60269?format=api", "purl": "pkg:composer/moodle/moodle@3.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/59621?format=api", "purl": "pkg:composer/moodle/moodle@3.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/60270?format=api", "purl": "pkg:composer/moodle/moodle@3.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-95f1-6g3r-rkg4" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/60265?format=api", "purl": "pkg:composer/moodle/moodle@3.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5" } ], "aliases": [ "CVE-2022-0335", "GHSA-xpfv-89vg-r562" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfvz-hf8h-8bb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42783?format=api", "vulnerability_id": "VCID-taab-hupu-huf9", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nAn SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60419", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60372", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064119", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064119" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/c2794752ea3cdda2d64a0651da08b2cdf730d9f1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c2794752ea3cdda2d64a0651da08b2cdf730d9f1" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74074", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74074" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0983", "reference_id": "CVE-2022-0983", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0983" }, { "reference_url": "https://github.com/advisories/GHSA-h2fw-93qx-vrcq", "reference_id": "GHSA-h2fw-93qx-vrcq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h2fw-93qx-vrcq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61089?format=api", "purl": "pkg:composer/moodle/moodle@3.9.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/61090?format=api", "purl": "pkg:composer/moodle/moodle@3.10.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/61091?format=api", "purl": "pkg:composer/moodle/moodle@3.11.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.6" } ], "aliases": [ "CVE-2022-0983", "GHSA-h2fw-93qx-vrcq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-taab-hupu-huf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41752?format=api", "vulnerability_id": "VCID-u32t-89zc-v3gj", "summary": "Cross-Site Request Forgery (CSRF)\nThe `delete related badge` functionality does not include the necessary token check to prevent a CSRF risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28868", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28796", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43559" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021517", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021517" }, { "reference_url": "https://github.com/moodle/moodle/commit/20d41ebae4eb28269298504c68db511a05ec4969", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/20d41ebae4eb28269298504c68db511a05ec4969" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=429099", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=429099" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43559", "reference_id": "CVE-2021-43559", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43559" }, { "reference_url": "https://github.com/advisories/GHSA-3jrj-x6cj-97cp", "reference_id": "GHSA-3jrj-x6cj-97cp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3jrj-x6cj-97cp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59620?format=api", "purl": "pkg:composer/moodle/moodle@3.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59621?format=api", "purl": "pkg:composer/moodle/moodle@3.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/59622?format=api", "purl": "pkg:composer/moodle/moodle@3.11.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-9uem-p6k3-nqdb" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4" } ], "aliases": [ "CVE-2021-43559", "GHSA-3jrj-x6cj-97cp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u32t-89zc-v3gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41750?format=api", "vulnerability_id": "VCID-zf4q-a4cz-y7dh", "summary": "Improper Input Validation\nA flaw was found in Moodle to to to unsupported versions. A remote code execution risk when restoring backup files was identified.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01188", "scoring_system": "epss", "scoring_elements": "0.7917", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01188", "scoring_system": "epss", "scoring_elements": "0.79144", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3943" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021963", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021963" }, { "reference_url": "https://github.com/moodle/moodle/commit/58e8ad852f9e75c8158e5bee02c273383f7d9865", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/58e8ad852f9e75c8158e5bee02c273383f7d9865" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=429095", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=429095" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3943", "reference_id": "CVE-2021-3943", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3943" }, { "reference_url": "https://github.com/advisories/GHSA-8jhp-2gcr-qw96", "reference_id": "GHSA-8jhp-2gcr-qw96", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jhp-2gcr-qw96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59620?format=api", "purl": "pkg:composer/moodle/moodle@3.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/59621?format=api", "purl": "pkg:composer/moodle/moodle@3.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/59622?format=api", "purl": "pkg:composer/moodle/moodle@3.11.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-9uem-p6k3-nqdb" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4" } ], "aliases": [ "CVE-2021-3943", "GHSA-8jhp-2gcr-qw96" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zf4q-a4cz-y7dh" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54192?format=api", "vulnerability_id": "VCID-bbj9-hpz3-xqhh", "summary": "Cross-site Scripting\nThe ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63377", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63334", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20279" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939033" }, { "reference_url": "https://github.com/moodle/moodle/commit/a7e0ba1e71205ccb0a73dedee414f1a167ee2ed7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a7e0ba1e71205ccb0a73dedee414f1a167ee2ed7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419650", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419650" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20279", "reference_id": "CVE-2021-20279", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20279" }, { "reference_url": "https://github.com/advisories/GHSA-h7h6-fwpv-ggvx", "reference_id": "GHSA-h7h6-fwpv-ggvx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7h6-fwpv-ggvx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-j1s3-fyue-2kfy" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20279", "GHSA-h7h6-fwpv-ggvx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbj9-hpz3-xqhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54193?format=api", "vulnerability_id": "VCID-dpd2-1sqc-qqfy", "summary": "Information Exposure\nIt was possible for some users without permission to view other users' full names to do so via the online users block in moodle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43294", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43221", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20281" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939041", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939041" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/33d6017287e1835513a3de8edd3fbf7a6a90af9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/33d6017287e1835513a3de8edd3fbf7a6a90af9c" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419652", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419652" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20281", "reference_id": "CVE-2021-20281", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20281" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-j1s3-fyue-2kfy" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20281", "GHSA-93wh-35r4-6qmw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpd2-1sqc-qqfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54185?format=api", "vulnerability_id": "VCID-gnez-ehgq-rfbr", "summary": "Incorrect Authorization\nWhen creating a user account, it was possible to verify the account without having access to the verification email `link/secret` in moodle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39139", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39052", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939046", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939046" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419653", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419653" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20282", "reference_id": "CVE-2021-20282", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20282" }, { "reference_url": "https://github.com/advisories/GHSA-grj4-g57c-9xmv", "reference_id": "GHSA-grj4-g57c-9xmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grj4-g57c-9xmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-j1s3-fyue-2kfy" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20282", "GHSA-grj4-g57c-9xmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnez-ehgq-rfbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54183?format=api", "vulnerability_id": "VCID-mqde-66zm-qbbj", "summary": "Incorrect Authorization\nThe web service responsible for fetching other users' enrolled courses does not validate that the requesting user had permission to view that information in each course in moodle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35761", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35659", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20283" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939051", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939051" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419654", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419654" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20283", "reference_id": "CVE-2021-20283", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20283" }, { "reference_url": "https://github.com/advisories/GHSA-2m72-m5cw-3g9h", "reference_id": "GHSA-2m72-m5cw-3g9h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2m72-m5cw-3g9h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-j1s3-fyue-2kfy" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20283", "GHSA-2m72-m5cw-3g9h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqde-66zm-qbbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54187?format=api", "vulnerability_id": "VCID-pgfa-bkaw-q7cq", "summary": "Cross-site Scripting\nText-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle", "references": [ { "reference_url": "http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00881", "scoring_system": "epss", "scoring_elements": "0.75733", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00881", "scoring_system": "epss", "scoring_elements": "0.7576", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20280" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939037", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939037" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/a303eb9e9e387f95ea2a80cb1ce6c0b132ec1cc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a303eb9e9e387f95ea2a80cb1ce6c0b132ec1cc4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419651", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419651" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20280", "reference_id": "CVE-2021-20280", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20280" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-j1s3-fyue-2kfy" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20280", "GHSA-x2jp-hh65-4xvf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgfa-bkaw-q7cq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }