moodle/moodle vulnerabilities

  • Direct Vulnerabilities

    Known vulnerabilities in the moodle/moodle package. This does not include vulnerabilities belonging to this package’s dependencies.

    Severity (C = critical, H = high, M = medium, L = low) | Vulnerability | Vulnerable Version (separate ranges are divided by ";")

    • M | Access Control Bypass | >=4.4.0, <4.4.4
    • H | Access Control Bypass | <4.1.13; >=4.2.0, <4.2.10; >=4.3.0, <4.3.7; >=4.4.0, <4.4.3
    • H | Information Exposure | <4.1.13; >=4.2.0, <4.2.10; >=4.3.0, <4.3.7; >=4.4.0, <4.4.3
    • M | Improper Authentication | <4.1.13; >=4.2.0, <4.2.10; >=4.3.0, <4.3.7; >=4.4.0, <4.4.3
    • M | Information Exposure | <4.5.0-rc2
    • M | Missing Authorization | <4.5.0-rc2
    • M | Improper Authorization | <4.5.0-rc2
    • M | Improper Authorization | <4.5.0-rc2
    • M | Information Exposure | >=4.4.0, <4.4.4
    • M | Cross-site Scripting (XSS) | >=4.1.0, <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • M | Improper Authentication | >=4.4.0, <4.4.2; >=4.3.0, <4.3.6
    • M | Information Exposure | >=4.4.0, <4.4.2; >=4.3.0, <4.3.6; >=4.2.0, <4.2.9; >=4.1.0, <4.1.12
    • M | Cross-site Scripting (XSS) | >=4.4.0, <4.4.2; >=4.3.0, <4.3.6; >=4.2.0, <4.2.9; >=4.1.0, <4.1.12
    • M | Improper Privilege Management | >=4.4.0, <4.4.2; >=4.3.0, <4.3.6; >=4.2.0, <4.2.9; >=4.1.0, <4.1.12
    • M | Access Control Bypass | >=4.4.0, <4.4.2
    • M | Open Redirect | >=4.4.0, <4.4.2; >=4.3.0, <4.3.6; >=4.2.0, <4.2.9; >=4.1.0, <4.1.12
    • M | Information Exposure | >=4.4.0, <4.4.2; >=4.3.0, <4.3.6; >=4.2.0, <4.2.9; >=4.1.0, <4.1.12
    • H | Improper Input Validation | <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • H | SQL Injection | <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • H | Access Control Bypass | <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • H | Cross-site Request Forgery (CSRF) | <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • H | Improper Input Validation | <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • H | Access Control Bypass | <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • H | PHP Remote File Inclusion | >=4.1.0, <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • C | Remote Code Execution | <4.1.12; >=4.2.0, <4.2.9; >=4.3.0, <4.3.6; >=4.4.0, <4.4.2
    • M | Cross-site Scripting (XSS) | >=0.0.0
    • M | Improper Access Control | <4.1.11; >=4.2.0, <4.2.8; >=4.3.0, <4.3.5; >=4.4.0, <4.4.1
    • M | Cross-Site Request Forgery (CSRF) | <4.1.11; >=4.2.0, <4.2.8; >=4.3.0, <4.3.5; >=4.4.0, <4.4.1
    • M | Use of a Key Past its Expiration Date | <4.1.11; >=4.2.0, <4.2.8; >=4.3.0, <4.3.5; >=4.4.0, <4.4.1
    • M | Cross-site Scripting (XSS) | <4.1.11; >=4.2.0, <4.2.8; >=4.3.0, <4.3.5; >=4.4.0, <4.4.1
    • M | Improper Authorization | <4.1.11; >=4.2.0, <4.2.8; >=4.3.0, <4.3.5; >=4.4.0, <4.4.1
    • M | Improper Input Validation | <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Cross-site Scripting (XSS) | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Cross-site Scripting (XSS) | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Cross-site Scripting (XSS) | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Information Exposure Through Misconfigured Permissions | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Cross-Site Request Forgery (CSRF) | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Improper Input Validation | >=4.3.0, <4.3.4
    • M | Information Exposure Through an Error Message | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • H | Information Exposure Through Directory Listing | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Information Exposure Through Directory Listing | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Cross-Site Request Forgery (CSRF) | >=4.3.0, <4.3.4
    • M | Improper Input Validation | >=4.3.0, <4.3.4
    • M | Inappropriate Encoding for Output | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • M | Cross-Site Request Forgery (CSRF) | >=4.0.0, <4.1.10; >=4.2.0, <4.2.7; >=4.3.0, <4.3.4
    • L | Improper Authorization | <3.6.7; >=3.7.0-beta, <3.7.3
    • M | Cross-site Scripting (XSS) | >=3.9, <3.9.15; >=3.11, <3.11.8; >=4.0, <4.0.2
    • M | Cross-site Scripting (XSS) | >=3.2
    • M | Cross-site Scripting (XSS) | >=3.1.0, <3.1.5; >=3.2.0, <3.2.2
    • C | Incorrect Permission Assignment for Critical Resource | >=0.0.0
    • M | Access Control Bypass | >=3.5, <3.5.7; >=3.6, <3.6.5; >=3.7, <3.7.1
    • M | Information Exposure | >=3.2, <3.2.2
    • M | Improper Access Control | >=2.7, <2.7.20; >=3.0, <3.0.10; >=3.1, <3.1.6; >=3.2, <3.2.3
    • M | URL Redirection to Untrusted Site ('Open Redirect') | >=3.9, <3.9.15; >=3.11, <3.11.8; >=4.0, <4.0.2
    • H | Unrestricted Upload of File with Dangerous Type | >=2.0.1
    • C | Server-Side Request Forgery (SSRF) | <3.9.18; >=3.11, <3.11.11; >=4.0, <4.0.5
    • H | Weak Password Recovery Mechanism for Forgotten Password | <2.7.16; >=2.9, <2.9.8; >=3.0, <3.0.6; >=3.1, <3.1.2
    • M | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | >=2.8, <2.8.10; >=2.9, <2.9.4; >=3.0, <3.0.2
    • M | Cross-Site Scripting (XSS) | >=3.11, <3.11.11; >=4.0, <4.0.5
    • M | Improper Input Validation | <3.1.18; >=3.4, <3.4.9; >=3.5, <3.5.6; >=3.6, <3.6.4
    • M | Information Exposure | <3.1.7; >=3.2, <3.2.4; >=3.3, <3.3.1
    • M | Information Exposure | >=3.1, <3.1.1
    • M | Improper Input Validation | >=2.7, <2.7.18; >=3.0, <3.0.8; >=3.1, <3.1.4; >=3.2, <3.2.1
    • M | Cross-Site Scripting (XSS) | <3.9.18; >=3.11, <3.11.11; >=4.0, <4.0.5
    • M | Information Exposure Through an Error Message | >=3.10, <3.10.4
    • M | Cross-site Scripting (XSS) | >=3.1, <3.1.12; >=3.2, <3.2.9; >=3.3, <3.3.6; >=3.4, <3.4.3
    • M | Improper Access Control | <3.5.7; >=3.6.0, <3.6.5; >=3.7.0, <3.7.1
    • M | Server-side Request Forgery (SSRF) | <3.9.15; >=3.11, <3.11.8; >=4.0, <4.0.2
    • M | Improper Access Control | <3.5.7; >=3.6.0, <3.6.5; >=3.7.0, <3.7.1
    • M | Information Exposure | >=3.10, <3.10.4; >=3.9, <3.9.7; >=3.8, <3.8.9; >=3.5, <3.5.18
    • M | Cross-Site Request Forgery (CSRF) | >=2.7, <2.7.20; >=3.0, <3.0.10; >=3.1, <3.1.6; >=3.2, <3.2.3
    • M | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | <3.1.4; >=3.2, <3.2.1
    • M | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | <3.5.16; >=3.8, <3.8.7; >=3.9, <3.9.4; >=3.10, <3.10.1
    • M | Improper Access Control | <2.7.14; >=2.8, <2.8.12; >=2.9, <2.9.6; >=3.0, <3.0.3
    • M | URL Redirection to Untrusted Site ('Open Redirect') | <3.5.9; >=3.6, <3.6.7; >=3.7, <3.7.3
    • M | Exposure of Resource to Wrong Sphere | >=2.7, <2.7.20; >=3.0, <3.0.10; >=3.1, <3.1.6; >=3.2, <3.2.3
    • M | Cross-site Scripting (XSS) | >=3.5, <3.5.9; >=3.6, <3.6.7; >=3.7, <3.7.3
    • C | SQL Injection | >=2.7.0, <2.7.19; >=3.0.0, <3.0.9; >=3.1.0, <3.1.5; >=3.2.0, <3.2.2
    • H | Improper Control of Generation of Code ('Code Injection') | >=3.5, <3.5.16; >=3.8, <3.8.7; >=3.9, <3.9.4; >=3.10, <3.10.1
    • C | Improper Input Validation | >=3.9.0, <3.9.15; >=3.11.0, <3.11.8; >=4.0.0, <4.0.2
    • C | Server-Side Request Forgery (SSRF) | >=3.1.0, <3.1.16
    • M | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | >=0.0.0
    • M | Cross-site Scripting (XSS) | >=3.10.9
    • M | Improper Input Validation | <4.1.9; >=4.2, <4.2.6; >=4.3, <4.3.3
    • M | Cross-Site Request Forgery (CSRF) | <4.1.9; >=4.2, <4.2.6; >=4.3, <4.3.3
    • M | Authorization Bypass | <4.1.9; >=4.2, <4.2.6; >=4.3, <4.3.3
    • H | Denial of Service (DoS) | <4.1.9; >=4.2, <4.2.6; >=4.3, <4.3.3
    • M | Authorization Bypass | <4.1.9; >=4.2, <4.2.6; >=4.3, <4.3.3
    • L | Improper Authorization | <4.1.9; >=4.2, <4.2.6; >=4.4, <4.3.3
    • M | Improper Access Control | >=0.0.0
    • M | Improper Access Control | <2.7.14; >=2.8, <2.8.12; >=2.9, <2.9.6; >=3.0, <3.0.4
    • M | Improper Access Control | <2.5.8; >=2.6.0, <2.6.5; >=2.7.0, <2.7.2
    • M | Cross-site Scripting | <2.4.10; >=2.5.0, <2.5.6; >=2.6.0, <2.6.3
    • H | Improper Control of Generation of Code ('Code Injection') | <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • H | Cross-Site Request Forgery (CSRF) | <2.6.7; >=2.7.0, <2.7.4; >=2.8.0, <2.8.2
    • M | Information Exposure Through an Error Message | >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Information Exposure | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Improper Access Control | <2.6.9; >=2.7.0-beta, <2.7.6; >=2.8.0-beta, <2.8.4
    • M | Improper Access Control | <2.6.11; >=2.7.0-beta, <2.7.8; >=2.8.0-beta, <2.8.6
    • M | Cross-site Scripting | <2.6.9; >=2.7.0-beta, <2.7.6; >=2.8.0-beta, <2.8.4
    • M | Information Exposure | <2.6.11; >=2.7.0-beta, <2.7.8; >=2.8.0-beta, <2.8.6
    • M | Improper Access Control | <2.7.11; >=2.8.0-beta, <2.8.9; >=2.9.0-beta, <2.9.3
    • M | Information Exposure Through an Error Message | <2.7.11; >=2.8.0-beta, <2.8.9; >=2.9.0-beta, <2.9.3
    • M | Information Exposure Through an Error Message | <2.7.13; >=2.8.0-beta, <2.8.11; >=2.9.0-beta, <2.9.5; >=3.0.0-beta, <3.0.3
    • M | Cross-site Scripting | <2.7.10; >=2.8.0-beta, <2.8.8; >=2.9.0-beta, <2.9.2
    • M | Information Exposure | <2.7.13; >=2.8.0, <2.8.11; >=2.9.0, <2.9.5; >=3.0.0, <3.0.3
    • M | Cross-site Scripting | >=2.8.0, <2.8.2
    • M | Improper Access Control | <2.6.11; >=2.7.0, <2.7.8; >=2.8.0, <2.8.6
    • M | Improper Access Control | <2.7.11; >=2.8.0, <2.8.9; >=2.9.0, <2.9.3
    • M | Improper Access Control | <2.7.13; >=2.8, <2.8.11; >=2.9, <2.9.5; >=3.0, <3.0.3
    • M | Information Exposure | <2.7.13; >=2.8.0, <2.8.11; >=2.9.0, <2.9.5; >=3.0.0, <3.0.3
    • M | Improper Input Validation | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Information Exposure | >=2.8.0, <2.8.11; >=2.9.0, <2.9.5; >=3.0.0, <3.0.3
    • M | Improper Access Control | <2.7.10; >=2.8.0, <2.8.8; >=2.9.0, <2.9.2
    • M | Information Exposure Through an Error Message | <2.7.10; >=2.8.0, <2.8.8; >=2.9.0, <2.9.2
    • M | Improper Access Control | <2.6.7; >=2.7.0, <2.7.4; >=2.8.0, <2.8.2
    • M | Improper Access Control | >=2.8.0, <2.8.11; >=2.9.0, <2.9.5; >=3.0.0, <3.0.3
    • M | Cross-Site Request Forgery (CSRF) | <2.7.11; >=2.8.0, <2.8.9; >=2.9.0, <2.9.3
    • M | Cross-site Scripting (XSS) | <2.6.11; >=2.7.0-beta, <2.7.8; >=2.8.0-beta, <2.8.6
    • M | Cross-site Scripting (XSS) | <2.6.11; >=2.7.0-beta, <2.7.8; >=2.8.0-beta, <2.8.6
    • M | Improper Access Control | <2.7.10; >=2.8.0-beta, <2.8.8; >=2.9.0-beta, <2.9.2
    • M | Cross-site Scripting (XSS) | <2.6.7; >=2.7.0-beta, <2.7.4; >=2.8.0-beta, <2.8.2
    • M | Improper Access Control | <2.6.9; >=2.7.0-beta, <2.7.6; >=2.8.0-beta, <2.8.4
    • M | Cross-site Scripting (XSS) | <2.7.11; >=2.8.0-beta, <2.8.9; >=2.9.0-beta, <2.9.3
    • M | Cross-site Scripting (XSS) | <2.5.9; >=2.6.0-beta, <2.6.6; >=2.7.0-beta, <2.7.3
    • M | Cross-site Scripting (XSS) | <2.7.13; >=2.8.0-beta, <2.8.11; >=2.9.0-beta, <2.9.5; >=3.0.0-beta, <3.0.3
    • M | Cross-site Scripting (XSS) | <2.7.9; >=2.8.0-beta, <2.8.7; >=2.9.0-beta, <2.9.1
    • H | Cross-Site Request Forgery (CSRF) | <2.6.7; >=2.7.0-beta, <2.7.4; >=2.8.0-beta, <2.8.2
    • M | Cross-site Scripting (XSS) | <2.7.9; >=2.8.0-beta, <2.8.7; >=2.9.0-beta, <2.9.1
    • M | Cross-site Scripting (XSS) | <2.7.13; >=2.8.0-beta, <2.8.11; >=2.9.0-beta, <2.9.5; >=3.0.0-beta, <3.0.3
    • M | Arbitrary File Read | <2.6.9; >=2.7.0-beta, <2.7.6; >=2.8.0-beta, <2.8.4
    • M | Improper Handling of Insufficient Permissions or Privileges | <2.6.7; >=2.7.0-beta, <2.7.4; >=2.8.0-beta, <2.8.2
    • M | Information Exposure | <2.6.9; >=2.7.0-beta, <2.7.6; >=2.8.0-beta, <2.8.4
    • M | Information Exposure | <2.6.11; >=2.7.0-beta, <2.7.8; >=2.8.0-beta, <2.8.6
    • M | Regular Expression Denial of Service (ReDoS) | <2.6.7; >=2.7.0-beta, <2.7.4; >=2.8.0-beta, <2.8.2
    • M | Regular Expression Denial of Service (ReDoS) | <2.6.9; >=2.7.0-beta, <2.7.6; >=2.8.0-beta, <2.8.4
    • M | Path Traversal | <2.6.8; >=2.7.0-beta, <2.7.5; >=2.8.0-beta, <2.8.3
    • M | Information Exposure | <2.6.7; >=2.7.0-beta, <2.7.4; >=2.8.0-beta, <2.8.2
    • M | Improper Handling of Insufficient Privileges | <2.7.10; >=2.8.0-beta, <2.8.8; >=2.9.0-beta, <2.9.2
    • H | Server-Side Request Forgery (SSRF) | <2.4.1
    • M | Open Redirect | <2.6.11; >=2.7.0-beta, <2.7.9; >=2.9.0-beta, <2.9.1; >=2.8.0-beta, <2.8.7
    • M | Information Exposure | <2.6.9; >=2.7.0-beta, <2.7.6; >=2.8.0-beta, <2.8.4
    • M | Small Space of Random Values | <2.7.10; >=2.8.0-beta, <2.8.8; >=2.9.0-beta, <2.9.2
    • H | Cross-Site Request Forgery (CSRF) | <2.7.13; >=2.8.0-beta, <2.8.11; >=2.9.0-beta, <2.9.5; >=3.0.0-beta, <3.0.3
    • H | Cross-Site Request Forgery (CSRF) | <2.7.11; >=2.8.0-beta, <2.8.9; >=2.9.0-beta, <2.9.3
    • H | Cross-Site Request Forgery (CSRF) | <2.7.14; >=2.8.0-beta, <2.8.12; >=2.9.0-beta, <2.9.6; >=3.0.0-beta, <3.0.4
    • M | Cross-Site Request Forgery (CSRF) | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Cross-site Scripting | <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • M | Cross-site Scripting | <2.4.9; >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • M | Cross-site Scripting | >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • M | Improper Access Control | >=2.6.0, <2.6.2
    • M | Improper Access Control | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • H | Uncontrolled Resource Consumption ('Resource Exhaustion') | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Cross-site Scripting | <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • M | Improper Access Control | <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • M | Cross-site Scripting | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Improper Access Control | >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Cross-site Scripting | >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Authorization Bypass | >=2.7.0, <2.7.3
    • M | Improper Access Control | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Improper Authorization | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Cross-site Scripting (XSS) | <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • H | Information Exposure | <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • H | Cross-Site Request Forgery (CSRF) | <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Information Exposure | <2.4.9; >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • M | Information Exposure | <2.4.9; >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • H | Cross-Site Request Forgery (CSRF) | <2.4.9; >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • H | Cross-Site Request Forgery (CSRF) | >=2.4.0, <2.4.10; >=2.5.0, <2.5.6; >=2.6.0, <2.6.3
    • M | Cross-site Request Forgery (CSRF) | >=2.4.0, <2.4.10; >=2.5.0, <2.5.6; >=2.6.0, <2.6.3
    • M | Authentication Bypass | >=2.4.0, <2.4.9; >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • M | Improper Authentication | >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • M | Improper Authentication | >=2.4, <2.4.10; >=2.5.0, <2.5.6; >=2.6.0, <2.6.3
    • M | Information Exposure | >=2.6.0, <2.6.3
    • C | Privilege Defined With Unsafe Actions | <2.3.5; >=2.4.0-rc1, <2.4.2
    • M | Improper Access Control | <2.3.7; >=2.4.0, <2.4.4
    • M | Improper Access Control | <2.4.9; >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • H | Information Exposure | <2.3.7; >=2.4.0, <2.4.4
    • M | Information Exposure Through an Error Message | <2.3.5; >=2.4.0, <2.4.2
    • M | Improper Access Control | <2.3.5; >=2.4.0, <2.4.2
    • M | Information Exposure Through an Error Message | <2.3.5; >=2.4.0, <2.4.2
    • M | Information Exposure | <2.3.5; >=2.4.0, <2.4.2
    • M | Improper Access Control | <2.4.9; >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • M | Cross-site Scripting (XSS) | <2.4.9; >=2.5.0, <2.5.5; >=2.6.0, <2.6.2
    • M | Improper Access Control | <2.3.5; >=2.4.0, <2.4.2
    • H | Information Exposure | <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0-beta, <2.7.1
    • M | Improper Authentication | >=2.3, <2.3.4
    • M | Improper Access Control | <1.9.17; >=2.0, <=2.0.8; >=2.1, <=2.1.5; >=2.2, <=2.2.2
    • M | Improper Input Validation | >=2.1.0, <=2.1.19; >=2.2.0, <=2.2.7; >=2.3.0, <=2.3.4; >=2.4, <2.4.1
    • M | Information Exposure Through an Error Message | <1.9.17; >=2.0, <2.0.8; >=2.1, <2.1.5; >=2.2, <2.2.2
    • L | Cross-site Scripting (XSS) | <3.9.24; >=3.10.0, <3.11.17; >=4.0.0, <4.0.11; >=4.1.0, <4.1.6; >=4.2.0, <4.2.3; >=4.3.0-beta, <4.3.0-rc2
    • M | Improper Control of Generation of Code ('Code Injection') | <3.9.24; >=3.10.0, <3.11.17; >=4.0.0, <4.0.11; >=4.1.0, <4.1.6; >=4.2.0, <4.2.3; >=4.3.0-beta, <4.3.0-rc2
    • L | Improper Access Control | <3.9.24; >=3.10.0, <3.11.17; >=4.0.0, <4.0.11; >=4.1.0, <4.1.6; >=4.2.0, <4.2.3; >=4.3.0-beta, <4.3.0-rc2
    • M | Cross-site Scripting (XSS) | >=4.0, <4.0.11; >=4.1, <4.1.6; >=4.2, <4.2.3
    • L | Interpretation Conflict | >=3.9, <3.9.24; >=3.11, <3.11.17; >=4.0, <4.0.11; >=4.1, <4.1.6; >=4.2, <4.2.3
    • L | Improper Access Control | >=4.0, <4.0.11; >=4.1, <4.1.6; >=4.2, <4.2.3
    • L | Improper Access Control | >=4.2.2, <4.2.3; >=4.3.0-beta, <4.3.0-rc2
    • L | Information Exposure | <3.9.24; >=3.10.0, <3.11.17; >=4.0.0, <4.0.11; >=4.1.0, <4.1.6; >=4.2.0, <4.2.3; >=4.3.0-beta, <4.3.0-rc2
    • M | Cross-site Scripting (XSS) | >=3.9, <3.9.24; >=3.11, <3.11.17; >=4.0, <4.0.11; >=4.1, <4.1.6; >=4.2, <4.2.3
    • L | Cross-site Scripting (XSS) | <3.9.24; >=3.10.0, <3.11.17; >=4.0.0, <4.0.11; >=4.1.0, <4.1.6; >=4.2.0, <4.2.3; >=4.3.0-beta, <4.3.0-rc2
    • M | Arbitrary Code Injection | >=3.9, <3.9.24; >=3.11, <3.11.17; >=4.0, <4.0.11; >=4.1, <4.1.6; >=4.2, <4.2.3
    • L | Information Exposure | <3.9.24; >=3.10.0, <3.11.17; >=4.0.0, <4.0.11; >=4.1.0, <4.1.6; >=4.2.0, <4.2.3; >=4.3.0-beta, <4.3.0-rc2
    • M | Improper Control of Generation of Code ('Code Injection') | <3.9.24; >=3.10.0, <3.11.17; >=4.0.0, <4.0.11; >=4.1.0, <4.1.6; >=4.2.0, <4.2.3; >=4.3.0-beta, <4.3.0-rc2
    • M | Access Restriction Bypass | <2.7.17; >=2.8.0, <2.9.9; >=3.0.0, <3.0.7; >=3.1.0, <3.1.3
    • M | Improper Input Validation | >=2.7.0, <2.7.15; >=2.8.0, <2.9.7; >=3.0.0, <3.0.5; >=3.1.0, <3.1.1
    • M | Information Exposure | <2.9.7; >=3.0, <3.0.5; >=3.1.0, <3.1.1
    • M | Information Exposure | >=3.0, <3.0.3; >=2.9, <2.9.5; >=2.8, <2.8.11; <2.7.13
    • M | Information Exposure | >=3.0, <3.0.2; >=2.9, <2.9.4; >=2.8, <2.8.10; <2.7.12
    • M | Information Exposure | >=2.7.0, <2.7.14; >=2.8.0, <2.8.12; >=2.9.0, <2.9.6; >=3.0.0, <3.0.4
    • M | Cross-site Scripting (XSS) | >=2.4.0, <2.4.2; >=2.3.0, <2.3.5; >=2.2.0, <2.2.8; >=2.0.0, <2.1.10
    • M | Information Exposure | <2.2.11; >=2.3.0, <2.3.7; >=2.4.0, <2.4.4
    • H | Improper Input Validation | <2.1.11; >=2.2.0, <2.2.10; >=2.3.0, <2.3.7; >=2.4.0, <2.4.4
    • H | Arbitrary Code Execution | <2.5.3
    • M | Insecure Defaults | >=2.5.0, <2.5.9; >=2.6.0, <2.6.6; >=2.7.0, <2.7.3
    • M | Access Restriction Bypass | >=2.4.0, <2.4.10; >=2.5.0, <2.5.6; >=2.6.0, <2.7.0
    • M | Arbitrary Code Execution | >=2.4.0, <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • M | Arbitrary File Read | >=2.4.0, <2.4.11; >=2.5.0, <2.5.7; >=2.6.0, <2.6.4; >=2.7.0, <2.7.1
    • M | Cross-site Scripting (XSS) | <2.7.11; >=2.8.0, <2.8.9; >=2.9.0, <2.9.3
    • M | Cross-site Scripting (XSS) | <3.1.2
    • M | Cross-site Scripting (XSS) | <2.6.9; >=2.7.0, <2.7.6; >=2.8.0, <2.8.4
    • M | Open Redirect | <2.6.11; >=2.7, <2.7.8; >=2.8, <2.8.6
    • M | Authorization Bypass | >=2.9.0, <2.9.3
    • M | Incorrect Permission Assignment for Critical Resource | <3.5.9; >=3.6.0, <3.6.7; >=3.7.0, <3.7.3
    • M | Information Exposure | <2.7.11; >=2.8.0, <2.8.9; >=2.9.0, <2.9.3
    • M | Cross-site Scripting (XSS) | >=3.1, <3.1.5; >=3.2, <3.2.2
    • M | Improper Privilege Management | >=3.1.0, <3.1.7; >=3.2.0, <3.2.4; >=3.3.0, <3.3.1
    • M | Information Exposure | >=3.1.0, <3.1.8; >=3.2.0, <3.2.5; >=3.3.0, <3.3.2
    • M | Cross-site Scripting (XSS) | >=3.1.0, <3.1.8; >=3.2.0, <3.2.5; >=3.3.0, <3.3.2
    • M | Information Exposure | >=3.3, <3.3.1
    • M | Cross-site Scripting (XSS) | <3.1.16; >=3.4, <3.4.7; >=3.5, <3.5.4; >=3.6, <3.6.2
    • M | Server-side Request Forgery (SSRF) | >=3.5, <3.5.4
    • M | Cross-site Scripting (XSS) | >=3.1.0, <3.1.15; >=3.4.0, <3.4.6; >=3.5.0, <3.5.3; >=3.6.0, <3.6.1
    • M | Improper Authentication | >=3.5.0, <3.5.9; >=3.6.0, <3.6.7; >=3.7.0, <3.7.3
    • M | Cross-site Scripting (XSS) | >=3.7.0, <3.7.2
    • H | Cross-site Request Forgery (CSRF) | >=3.5.0, <3.5.6; >=3.6.0, <3.6.4; >=3.7.0, <3.7.1
    • M | Cross-site Scripting (XSS) | >=3.7, <3.7.7; >=3.8, <3.8.4; >=3.9, <3.9.1
    • M | Cross-site Scripting (XSS) | >=3.8, <3.8.1
    • M | Cross-site Scripting (XSS) | >=3.11.0, <3.11.15; >=4.0.0, <4.0.9; >=4.1.0, <4.1.4; >=4.2.0, <4.2.1
    • H | Server-side Request Forgery (SSRF) | >=3.9.0, <3.9.22; >=3.11.0, <3.11.15; >=4.0.0, <4.0.9; >=4.1.0, <4.1.4; >=4.2.0, <4.2.1
    • M | SQL Injection | >=3.9.0, <3.9.22; >=3.11.0, <3.11.15; >=4.0.0, <4.0.9; >=4.1.0, <4.1.4; >=4.2.0, <4.2.1
    • M | Cross-site Scripting (XSS) | >=0.0.0
    • H | SQL Injection | >=3.9, <3.9.21; >=3.11, <3.11.14; >=4.0, <4.0.8; >=4.1, <4.1.3
    • M | External Control of File Name or Path | >=4.1.0, <4.1.3
    • M | Authorization Bypass | <3.9.16; >=3.11.0, <3.11.9; >=4.0.0, <4.0.3
    • M | Cross-site Request Forgery (CSRF) | >=4.1.0, <4.1.2
    • H | Arbitrary Code Injection | <3.9.20; >=3.11.0, <3.11.13; >=4.0.0, <4.0.7; >=4.1.0, <4.1.2
    • M | Information Exposure | >=4.0.0, <4.0.7; >=4.1.0, <4.1.2
    • M | Information Exposure | <3.9.20; >=3.11.0, <3.11.13; >=4.0.0, <4.0.7; >=4.1.0, <4.1.2
    • M | Cross-site Scripting (XSS) | <3.9.20; >=3.11.0, <3.11.13; >=4.0.0, <4.0.7; >=4.1.0, <4.1.2
    • M | Information Exposure | <3.9.20; >=3.11.0, <3.11.13; >=4.0.0, <4.0.7; >=4.1.0, <4.1.2
    • M | Cross-site Scripting (XSS) | <3.9.20; >=3.11.0, <3.11.13; >=4.0.0, <4.0.7; >=4.1.0, <4.1.2
    • M | Arbitrary File Read | <3.9.20; >=3.11.0, <3.11.13; >=4.0.0, <4.0.7; >=4.1.0, <4.1.2
    • H | SQL Injection | <3.9.20; >=3.11.0, <3.11.13; >=4.0.0, <4.0.7; >=4.1.0, <4.1.2
    • M | Cross-site Scripting (XSS) | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • M | Incorrect Default Permissions | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • M | Hidden Functionality | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • M | Cross-site Scripting (XSS) | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • H | Improper Input Validation | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • M | Cross-site Scripting (XSS) | <3.11.1
    • M | Incorrect Default Permissions | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • H | SQL Injection | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • H | SQL Injection | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • H | Remote Code Execution (RCE) | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • M | Server-side Request Forgery (SSRF) | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • H | Denial of Service (DoS) | <3.9.8; >=3.10.0-beta, <3.10.5; >=3.11.0-beta, <3.11.1
    • M | Cross-site Scripting (XSS) | <4.0.6; >=4.1.0, <4.1.1
    • M | Cross-site Scripting (XSS) | <3.9.19; >=3.11.0, <3.11.12; >=4.0.0, <4.0.6; >=4.1.0, <4.1.1
    • M | Access Restriction Bypass | <3.9.19; >=3.11.0, <3.11.12; >=4.0.0, <4.0.6; >=4.1.0, <4.1.1
    • L | Cross-site Request Forgery (CSRF) | >=3.9.0, <3.9.18; >=3.11.0, <3.11.11; >=4.0.0, <4.0.5
    • M | Cross-site Request Forgery (CSRF) | >=3.11, <3.11.9; >=4.0, <4.0.3
    • M | Cross-site Scripting (XSS) | <3.9.17; >=3.11.0, <3.11.10; >=4.0.0, <4.0.4
    • H | Arbitrary Code Execution | <3.9.17; >=3.11.0, <3.11.10; >=4.0.0, <4.0.4
    • L | SQL Injection | <3.9.17; >=3.11.0, <3.11.10; >=4.0.0, <4.0.4
    • M | Information Exposure | <3.9.17; >=3.11.0, <3.11.10; >=4.0.0, <4.0.4
    • M | Cross-site Scripting (XSS) | >=0.0.0
    • H | Improper Authorization | <3.5.13; >=3.6.0, <3.7.7; >=3.8.0, <3.8.4; >=3.9.0, <3.9.1
    • M | Improper Input Validation | <3.9.15; >=3.10.0-beta, <3.11.8; >=4.0.0-beta, <4.0.2
    • C | SQL Injection | <3.9.14; >=3.10, <3.10.11; >=3.11, <3.11.7; >=4.0, <4.0.1
    • H | Incorrect Calculation | <3.9.14; >=3.10, <3.10.11; >=3.11, <3.11.7; >=4.0, <4.0.1
    • M | Information Exposure | <3.9.14; >=3.10, <3.10.11; >=3.11, <3.11.7; >=4.0, <4.0.1
    • M | Cross-site Scripting (XSS) | <3.9.14; >=3.10, <3.10.11; >=3.11, <3.11.7; >=4.0, <4.0.1
    • M | External Control of Assumed-Immutable Web Parameter | <3.9.14; >=3.10, <3.10.11; >=3.11, <3.11.7; >=4.0, <4.0.1
    • H | Incorrect Authorization | >=3.9, <3.9.13; >=3.10, <3.10.10; >=3.11, <3.11.6; >=4.0.0-rc1, <4.0.0
    • H | Improper Authentication | >=3.9, <3.9.13; >=3.10, <3.10.10; >=3.11, <3.11.6; >=4.0.0-rc1, <4.0.0
    • M | SQL Injection | <3.9.13; >=3.10.0, <3.10.10; >=3.11.0, <3.11.6
    • M | SQL Injection | <3.5.18; >=3.8, <3.8.9; >=3.9, <3.9.7; >=3.10, <3.10.4
    • M | Cross-site Scripting (XSS) | <3.8.9; >=3.9, <3.9.7; >=3.10, <3.10.4
    • M | Denial of Service (DoS) | <3.5.18; >=3.8, <3.8.9; >=3.9, <3.9.7; >=3.10, <3.10.4
    • L | Information Exposure | <3.8.9; >=3.9, <3.9.7; >=3.10, <3.10.4
    • L | Cross-site Scripting (XSS) | <3.5.18; >=3.8, <3.8.8; >=3.9, <3.9.7; >=3.10, <3.10.4
    • C | SQL Injection | >=3.11, <3.11.5
    • L | Authorization Bypass | <3.9.12; >=3.10, <3.10.9; >=3.11, <3.11.5
    • M | Authorization Bypass | <3.9.12; >=3.10, <3.10.9; >=3.11, <3.11.5
    • H | Cross-site Request Forgery (CSRF) | <3.9.12; >=3.10, <3.10.9; >=3.11, <3.11.5
    • M | Arbitrary File Read | <3.9.10; >=3.10.0, <3.10.7; >=3.11.0, <3.11.3
    • M | Information Exposure | <3.9.10; >=3.10.0, <3.10.7; >=3.11.0, <3.11.3
    • M | Improper Access Control | <3.9.10; >=3.10.0, <3.10.7; >=3.11.0, <3.11.3
    • M | Improper Authentication | <3.9.10; >=3.10.0, <3.10.7; >=3.11.0, <3.11.3
    • M | Access Restriction Bypass | <3.9.10; >=3.10.0, <3.10.7; >=3.11.0, <3.11.3
    • H | Arbitrary Code Execution | >=3.11, <3.11.4; >=3.10, <3.10.8; <3.9.11
    • M | Cross-site Scripting (XSS) | >=3.11, <3.11.4; >=3.10, <3.10.8; <3.9.11
    • M | Improper Authorization | >=3.11, <3.11.4; >=3.10, <3.10.8; <3.9.11
    • H | Cross-site Request Forgery (CSRF) | >=3.11, <3.11.4; >=3.10, <3.10.8; <3.9.11
    • M | Cross-site Scripting (XSS) | >=0.0.0
    • M | Improper Input Validation | <3.5.8; >=3.6, <3.6.6; >=3.7, <3.7.2
    • L | Improper Authentication | >=3.5, <3.5.8; >=3.6, <3.6.6; >=3.7, <3.7.2
    • M | Open Redirect | >=3.5, <3.5.8; >=3.6, <3.6.6; >=3.7, <3.7.2
    • M | Open Redirect | >=3.5, <3.5.8; >=3.6, <3.6.6; >=3.7, <3.7.2
    • M | Improper Authorization | >=3.5, <3.5.8; >=3.6, <3.6.6; >=3.7, <3.7.2
    • M | Cross-site Scripting (XSS) | >=3.10.0-beta, <3.10.2; >=3.9.0-beta, <3.9.5; >=3.6.0-beta, <3.8.8; <3.5.17
    • M | Information Exposure | >=3.10.0-beta, <3.10.2; >=3.9.0-beta, <3.9.5; >=3.6.0-beta, <3.8.8; <3.5.17
    • M | Cross-site Scripting (XSS) | >=3.10.0-beta, <3.10.2; >=3.9.0-beta, <3.9.5; >=3.6.0-beta, <3.8.8; <3.5.17
    • M | Improper Authorization | >=3.10.0-beta, <3.10.2; >=3.9.0-beta, <3.9.5; >=3.6.0-beta, <3.8.8; <3.5.17
    • M | Information Exposure | >=3.10.0-beta, <3.10.2; >=3.9.0-beta, <3.9.5; >=3.6.0-beta, <3.8.8; <3.5.17
    • M | Cross-site Scripting (XSS) | >=3.10.0, <3.10.1
    • L | Information Disclosure | >=3.10.0, <3.10.1; >=3.9.0, <3.9.4; >=3.8.0, <3.8.7
    • L | Denial of Service (DoS) | >=3.10.0, <3.10.1; >=3.9.0, <3.9.4; >=3.8.0, <3.8.7; >3.5.0, <3.5.16
    • H | Cross-site Scripting (XSS) | >=3.9.0, <3.9.2
    • M | Denial of Service (DoS) | >=3.9.0, <3.9.1; >=3.8.0, <3.8.4; >=3.7.0, <3.7.7; <3.5.13
    • H | Cross-site Scripting (XSS) | >=3.9.0, <3.9.2; >=3.8.0, <3.8.5; >=3.7.0, <3.7.8
    • H | Privilege Escalation | >=3.9.0, <3.9.1; >=3.8.0, <3.8.4; >=3.7.0, <3.7.7; <3.5.13
    • H | Cross-site Scripting (XSS) | >=3.9.0, <3.9.1; >=3.8.0, <3.8.4; >=3.7.0, <3.7.7; <3.5.13
    • M | Improper Access Control | <3.5.15; >=3.7.0, <3.7.9; >=3.8.0, <3.8.6; >=3.9.0, <3.9.3
    • M | Improper Access Control | <3.5.15; >=3.7.0, <3.7.9; >=3.8.0, <3.8.6; >=3.9.0, <3.9.3
    • M | Sensitive Data Exposure | >=3.7.0, <3.7.9; >=3.8.0, <3.8.6; >=3.9.0, <3.9.3
    • M | Cross-site Scripting (XSS) | >=3.9.0, <3.9.3
    • M | Improper Access Control | <3.5.15; >=3.7.0, <3.7.9; >=3.8.0, <3.8.6; >=3.9.0, <3.9.3
    • H | Arbitrary Code Execution | >=3.8.0, <3.8.3; >=3.7.0, <3.7.6; >=3.6.0, <3.6.10; >=3.5.0, <3.5.12
    • H | Information Exposure | <3.7.2
    • L | Information Exposure | >=3.6, <3.6.4
    • M | Open Redirect | <3.1.18; >=3.4, <3.4.9; >=3.5, <3.5.6; >=3.6, <3.6.4
    • L | Security Issue | <3.1.17; >=3.4.0, <3.4.8; >=3.5.0, <3.5.5; >=3.6.0, <3.6.3
    • M | Permissions Issue | >=3.4.0, <3.4.8; >=3.5.0, <3.5.5; >=3.6.0, <3.6.3
    • M | Permissions Issues | <3.6.3
    • M | Information Exposure | >=3.4.0, <3.4.8; >=3.5.0, <3.5.5; >=3.6.0, <3.6.3
    • M | Permissions Issues | >=3.5.0, <3.5.5; >=3.6.0, <3.6.3
    • L | Security Issue | >=3.1.0, <3.1.17; >=3.4.0, <3.4.8; >=3.5.0, <3.5.5; >=3.6.0, <3.6.3
    • M | Cross-site Request Forgery (CSRF) | <3.1.15; >=3.2.0, <3.3.9; >=3.4.0, <3.4.6; >=3.5.0, <3.5.3
    • H | Arbitrary Code Execution | <3.1.14; >=3.3.0, <3.3.8; >=3.4.0, <3.4.5; >=3.5.0, <3.5.2
    • M | Cross-site Scripting (XSS) | <3.3.8; >=3.4.0, <3.4.5; >=3.5.0, <3.5.2
    • H | Arbitrary Code Execution | <3.1.13; >=3.3.0, <3.3.7; >=3.4.0, <3.4.4; >=3.5.0, <3.5.1
    • M | Information Exposure | <3.1.13; >=3.3.0, <3.3.7; >=3.4.0, <3.4.4; >=3.5.0, <3.5.1
    • M | Information Exposure | <3.3.7; >=3.4.0, <3.4.4; >=3.5.0, <3.5.1
    • H | Denial of Service (DoS) | <3.1.12; >=3.2.0, <3.2.9; >=3.3.0, <3.3.6; >=3.4.0, <3.4.3
    • M | Arbitrary File Download | <3.1.12; >=3.2.0, <3.2.9; >=3.3.0, <3.3.6; >=3.4.0, <3.4.3
    • M | Arbitrary File Download | >3.1.12; >=3.2.0, <3.2.9; >=3.3.0, <3.3.6; >=3.4.0, <3.4.3
    • H | Arbitrary Code Execution | <3.1.12; >=3.2.0, <3.2.9; >=3.3.0, <3.3.6; >=3.4.0, <3.4.3
    • C | Authentication Bypass | >=3.3, <3.3.5; >=3.4, <3.4.2
    • M | Authentication Bypass | >=3.1, <3.1.11; >=3.2, <3.2.8; >=3.3, <3.3.5; >=3.4, <3.4.2
    • M | Information Exposure | >=3.1, <3.1.9; >=3.2, <3.2.6; >=3.3, <3.3.2
    • M | Cross-site Scripting (XSS) | >=3.1, <3.1.10; >=3.2, <3.2.7; >=3.3, <3.3.4
    • M | Server Side Request Forgery (SSRF) | >=3.1, <3.1.10; >=3.2, <3.2.7; >=3.3, <3.3.4; >=3.4, <3.4.1
    • M | Blacklist Bypass | >=3.4, <3.4.1; >=3.3, <3.3.4; >=3.2, <3.2.7
    • M | Arbitrary E-mail Header Injection | <1.9.16; >=2.0.0, <2.0.7; >=2.1.0, <2.1.4; >=2.2.0, <2.2.1
    • M | Information Exposure | >=3.4, <3.4.1; >=3.3, <=3.3.3; >=3.2, <=3.2.6; >=3.1, <=3.1.9