Package impact

Packagist / moodle/moodle

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2016-2155	medium	4.3	4.3				10y ago	Moodle allows attackers to modify "Exclude grade" settings
CVE-2016-2154	medium	4.3	4.3				10y ago	Moodle allows attackers to discover hidden course names
CVE-2016-2151	medium	4.3	4.3				10y ago	Moodle allows attackers to discover student e-mail addresses
CVE-2016-0724	medium	4.3	4.3				10y ago	Moodle sensitive information disclosure
CVE-2015-5342	medium	4.3	4.3				10y ago	Moodle allows attackers to bypass intended access restrictions
CVE-2015-5341	medium	4.3	4.3				10y ago	Moodle allows attackers to read SCORM contents
CVE-2015-5340	medium	4.3	4.3				10y ago	Moodle sensitive information disclosure
CVE-2015-5339	medium	4.3	4.3				10y ago	Moodle does not properly implement group-based access restrictions
CVE-2015-5335	medium	4.3	4.3				10y ago	Moodle cross-site request forgery (CSRF) vulnerability
CVE-2015-5331	medium	4.3	4.3				10y ago	Moodle improper access control
CVE-2015-5268	medium	4.3	4.3				10y ago	Moodle mishandles group-based authorization checks
CVE-2015-5265	medium	4.3	4.3				10y ago	Moodle allows attackers to delete files
CVE-2015-3176	medium	—	4.3				11y ago	Moodle allows attackers obtain full-name information
CVE-2015-2270	medium	—	4.3				11y ago	Moodle allows attackers to obtain sensitive course information
CVE-2014-9059	medium	—	4.3				12y ago	Moodle does not provide charset information in HTTP headers
CVE-2014-3548	medium	—	4.3				12y ago	Moodle multiple cross-site scripting (XSS) vulnerabilities
CVE-2014-3547	medium	—	4.3				12y ago	Moodle multiple cross-site scripting (XSS) vulnerabilities
CVE-2014-3543	medium	—	4.3				12y ago	Moodle Arbitrary File Read via XML External Entity vulnerability
CVE-2014-3542	medium	—	4.3				12y ago	Moodle allows remote attackers to read arbitrary files
CVE-2014-0218	medium	—	4.3				12y ago	Moodle cross-site scripting (XSS) vulnerability
CVE-2014-0217	medium	—	4.3				12y ago	Moodle does not check for the moodle/course:viewhiddencourses capability
CVE-2013-7341	medium	—	4.3				12y ago	Moodle cross-site scripting (XSS) vulnerabilities
CVE-2013-4942	medium	—	4.3				13y ago	YUI Cross-site Scripting (XSS) vulnerability
CVE-2013-4941	medium	—	4.3				13y ago	YUI Cross-site Scripting (XSS) vulnerability
CVE-2013-4940	medium	—	4.3				13y ago	YUI Cross-site Scripting (XSS) vulnerability
CVE-2013-2081	medium	—	4.3				13y ago	Moodle does not consider "don't send" attributes during hub registration
CVE-2011-4286	medium	—	4.3				14y ago	Moodle vulnerable to Cross-site Scripting
CVE-2011-4282	medium	—	4.3				14y ago	Moodle vulnerable to Cross-site Scripting
CVE-2011-4278	medium	—	4.3				14y ago	Moodle XSS In Tag Autocomplete functionality
CVE-2011-4306	medium	—	4.3				14y ago	Moodle XSS Vulnerability
CVE-2011-4299	medium	—	4.3				14y ago	Moodle vulnerable to Cross-Site Scripting
CVE-2010-1619	medium	—	4.3				16y ago	Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, a…
CVE-2010-1618	medium	—	4.3				16y ago	phpCAS client library and Moodle Cross-site Scripting vulnerability
CVE-2010-1614	medium	—	4.3				16y ago	Moodle vulnerable to Cross-site Scripting
CVE-2015-3181	medium	—	4.0				11y ago	Moodle allows attackers to bypass file-management restrictions
CVE-2015-3180	medium	—	4.0				11y ago	Moodle allows attackers to obtain sensitive course-structure information
CVE-2015-2272	medium	—	4.0				11y ago	Moodle allows attackers to bypass a forced-password-change requirement
CVE-2015-2271	medium	—	4.0				11y ago	Moodle does not consider the moodle/tag:flag capability
CVE-2015-2267	medium	—	4.0				11y ago	Moodle allows attackers to extract archives to arbitrary directories
CVE-2015-2266	medium	—	4.0				11y ago	Moodle allows attackers to obtain sensitive personal-contact and unread-message-count information
CVE-2015-0215	medium	—	4.0				11y ago	Moodle allows attackers to obtain sensitive calendar-event information
CVE-2015-0214	medium	—	4.0				11y ago	Moodle allows attackers to bypass a messaging-disabled setting
CVE-2015-0211	medium	—	4.0				11y ago	Moodle allows attackers to obtain sensitive information
CVE-2014-7846	medium	—	4.0				12y ago	Moodle does not consider the moodle/tag:edit capability before adding a tag
CVE-2014-7834	medium	—	4.0				12y ago	Moodle does not verify group permissions
CVE-2014-7833	medium	—	4.0				12y ago	Moodle allows attackers to obtain sensitive information
CVE-2014-7832	medium	—	4.0				12y ago	Moodle allows attackers to bypass the mod/lti:view capability requirement
CVE-2014-7831	medium	—	4.0				12y ago	Moodle exposes hidden grades to students
CVE-2014-3617	medium	—	4.0				12y ago	Moodle allows discovery of an author's username
CVE-2014-0215	medium	—	4.0				12y ago	Moodle Reveals Student Information Meant To Be Anonymous
CVE-2014-2572	medium	—	4.0				12y ago	Moodle attackers to modify grade metadata
CVE-2014-0129	medium	—	4.0				12y ago	Moodle allows attackers to modify the visibility of a badge
CVE-2014-0124	medium	—	4.0				12y ago	Moodle allows attackers to obtain sensitive information
CVE-2013-2080	medium	—	4.0				13y ago	Moodle is vulnerable to Sensitive Information Disclosure
CVE-2013-1834	medium	—	4.0				13y ago	Moodle allows remote authenticated users to reassign notes
CVE-2013-1832	medium	—	4.0				13y ago	Moodle includes the WebDAV password in the configuration form
CVE-2012-6099	medium	—	4.0				14y ago	Moodle Arbitrary File Read via Backup Functionality
CVE-2012-3387	medium	—	4.0				14y ago	Moodle Authentication Bypass in File Upload
CVE-2012-2356	medium	—	4.0				14y ago	Moodle Authentication Bypass in Question-Bank
CVE-2012-2353	medium	—	4.0				14y ago	Moodle Exposes Sensitive User Information
CVE-2011-4292	medium	—	4.0				14y ago	Moodle allows remote authenticated users to cause a denial of service (invalid database records)
CVE-2011-4291	medium	—	4.0				14y ago	Moodle allows remote authenticated users to cause a denial of service (invalid database records)
CVE-2011-4289	medium	—	4.0				14y ago	Moodle does not recogniz configuration setting that makes e-mail addresses visible only to course members
CVE-2010-2230	medium	—	4.0				16y ago	The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site sc…
CVE-2010-1617	medium	—	4.0				16y ago	Moodle doesn't properly check role
CVE-2010-1616	medium	—	4.0				16y ago	Moodle is vulnerable to unauthorized new accounts creation
CVE-2015-3179	low	—	3.5				11y ago	Moodle allows attackers to bypass intended login restrictions
CVE-2015-3178	low	—	3.5				11y ago	Moodle cross-site scripting (XSS) vulnerability
CVE-2015-3174	low	—	3.5				11y ago	Moodle does not set the RISK_XSS bit for graders
CVE-2015-2273	low	—	3.5				11y ago	Moodle cross-site scripting (XSS) vulnerability
CVE-2015-0216	low	—	3.5				11y ago	Moodle does not set the RISK_XSS bit for graders
CVE-2015-0212	low	—	3.5				11y ago	Moodle cross-site scripting (XSS) vulnerability
CVE-2014-7830	low	—	3.5				12y ago	Moodle cross-site scripting (XSS) vulnerability
CVE-2014-3551	low	—	3.5				12y ago	Moodle multiple cross-site scripting (XSS) vulnerabilities
CVE-2014-2571	low	—	3.5				12y ago	Moodle cross-site scripting (XSS) vulnerability
CVE-2013-1835	low	—	3.5				13y ago	Moodle's login_as feature leaks information from external repositories
CVE-2013-1833	low	—	3.5				13y ago	Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
CVE-2014-7835	low	—	2.1				12y ago	Moodle allows attackers to upload files containing JavaScript
CVE-2024-43425	unknown	—	1.0				2y ago	Moodle Remote Code Execution vulnerability
CVE-2020-14321	unknown	—	1.0				4y ago	Moodle Incorrect Authorization vulnerability
CVE-2021-21809	unknown	—	1.0				4y ago	Moodle command execution vulnerability exists in the default legacy spellchecker plugin
CVE-2018-1042	unknown	—	1.0				4y ago	Moodle SSRF Vulnerability
CVE-2018-1133	unknown	—	1.0				4y ago	Moodle calculated question type allows remote code execution by Question authors
CVE-2019-3810	unknown	—	1.0				4y ago	Moodle XSS Vulnerability
CVE-2022-0332	unknown	—	1.0				4y ago	SQL injection in Moodle
CVE-2026-26045	unknown	—	—				3mo ago	Moodle has a Remote Code Execution risk via file restore
CVE-2026-26047	unknown	—	—				3mo ago	Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
CVE-2025-67853	unknown	—	—				4mo ago	Moodle Affected by Improper Restriction of Excessive Authentication Attempts
CVE-2025-67856	unknown	—	—				4mo ago	Moodle has an authorization logic flaw
CVE-2025-67852	unknown	—	—				4mo ago	Moodle Open Redirect vulnerability
CVE-2025-67855	unknown	—	—				4mo ago	Moodle vulnerable to Cross-site Scripting
CVE-2025-67857	unknown	—	—				4mo ago	Moodle Inserts Sensitive Information Into Sent Data
CVE-2025-67851	unknown	—	—				4mo ago	Moodle formula injection vulnerability
CVE-2025-67850	unknown	—	—				4mo ago	Moodle vulnerable to Cross-site Scripting
CVE-2025-67848	unknown	—	—				4mo ago	Moodle authentication bypass vulnerability
CVE-2025-67849	unknown	—	—				4mo ago	Moodle Cross-site Scripting (XSS) vulnerability
CVE-2025-67847	unknown	—	—				4mo ago	Moodle affected by a code injection vulnerability
CVE-2025-62399	unknown	—	—				7mo ago	Moodle vulnerable to brute-force password guesses
CVE-2025-62398	unknown	—	—				7mo ago	Moodle does not properly enforce MFA
CVE-2025-62400	unknown	—	—				7mo ago	Moodle exposed the names of hidden groups to users