moodle/moodle vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-3641Highmoodle/moodle: Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repositoryCVE-2025-3644Mediummoodle/moodle: Moodle's AJAX section delete does not respect course_can_delete_section()CVE-2025-3638Lowmoodle/moodle: Moodle has a CSRF risk in Brickfield tool's analysis request actionCVE-2025-3640Mediummoodle/moodle: Moodle has an IDOR in web service which allows users enrolled in a course to access some details of…CVE-2025-3635Lowmoodle/moodle: Moodle has a CSRF risk in user tours manager that allows tour duplicationCVE-2025-3636Mediummoodle/moodle: Moodle allows IDOR in RSS block, which allows access to additional RSS feedsCVE-2025-3628Mediummoodle/moodle: Moodle reveals student identities through assignment submissions search on anonymous submissionsCVE-2025-32044Highmoodle/moodle: Moodle allows unauthenticated REST API user data exposureCVE-2025-32045Mediummoodle/moodle: Moodle shows hidden grades to users without permission on some grade reportsCVE-2025-3634Mediummoodle/moodle: Moodle self enrollment available before completing second factor with MFA enabledCVE-2025-3627Mediummoodle/moodle: Moodle makes some user data available before completing second factor with MFA enabledCVE-2025-26533Highmoodle/moodle: Moodle has a SQL injection risk in course search module list filterCVE-2025-26530Highmoodle/moodle: Moodle allows reflected XSS via question bank filterCVE-2025-26529Highmoodle/moodle: Moodle has a stored XSS risk in admin live logCVE-2025-26532Lowmoodle/moodle: Moodle allows teachers to evade trusttext config when restoring glossary entriesCVE-2025-26527Mediummoodle/moodle: Moodle's non-searchable tags can still be discovered on the tag search page and in the tags blockCVE-2025-26528Lowmoodle/moodle: Moodle has a stored XSS in ddimageortext question typeCVE-2025-26526Mediummoodle/moodle: Moodle's feedback response viewing and deletions did not respect Separate Groups modeCVE-2025-26531Lowmoodle/moodle: Moodle has an IDOR in badges allows disabling of arbitrary badgesCVE-2025-26525Highmoodle/moodle: Moodle has an arbitrary file read risk through pdfTeXCVE-2024-45690Mediummoodle/moodle: Moodle IDOR when deleting OAuth2 linked accountsCVE-2024-45689Mediummoodle/moodle: Moodle allows users to retrieve information they did not have permission to accessCVE-2024-48899Mediummoodle/moodle: Moodle IDOR when accessing list of course badgesCVE-2024-45691Mediummoodle/moodle: Moodle Lesson activity password bypass through PHP loose comparisonCVE-2024-48898Mediummoodle/moodle: moodle: Some users can delete audiences of other reports

Stop the waste.
Protect your environment with Kodem.