moodle/moodle vulnerabilities

Moodle - the world's open source learning platform

licenses detected
- (GPL-3.0 OR LGPL-2.1 OR MIT)
  >=v2.5.0-beta, <v3.2.0-beta
- GPL-3.0
  >=v2.3.4, <v2.5.0-beta; >=v3.2.0-beta

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the moodle/moodle package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Improper Input Validation	<3.9.15 >=3.10.0-beta, <3.11.8 >=4.0.0-beta, <4.0.2
C SQL Injection	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
H Incorrect Calculation	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M Information Exposure	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M Cross-site Scripting (XSS)	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M External Control of Assumed-Immutable Web Parameter	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
H Incorrect Authorization	>=3.9, <3.9.13 >=3.10, <3.10.10 >=3.11, <3.11.6 >=4.0.0-rc1, <4.0.0
H Improper Authentication	>=3.9, <3.9.13 >=3.10, <3.10.10 >=3.11, <3.11.6 >=4.0.0-rc1, <4.0.0
M SQL Injection	<3.9.13 >=3.10.0, <3.10.10 >=3.11.0, <3.11.6
M SQL Injection	<3.5.18 >=3.8, <3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
M Cross-site Scripting (XSS)	<3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
M Denial of Service (DoS)	<3.5.18 >=3.8, <3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
L Information Exposure	<3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
L Cross-site Scripting (XSS)	<3.5.18 >=3.8, <3.8.8 >=3.9, <3.9.7 >=3.10, <3.10.4
C SQL Injection	>=3.11, <3.11.5
L Authorization Bypass	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
M Authorization Bypass	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
H Cross-site Request Forgery (CSRF)	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
M Arbitrary File Read	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Information Exposure	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Improper Access Control	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Improper Authentication	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Access Restriction Bypass	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
H Arbitrary Code Execution	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Cross-site Scripting (XSS)	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Improper Authorization	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
H Cross-site Request Forgery (CSRF)	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Cross-site Scripting (XSS)	>=0.0.0
M Improper Input Validation	<3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
L Improper Authentication	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Open Redirect	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Open Redirect	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Improper Authorization	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Cross-site Scripting (XSS)	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Information Exposure	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Cross-site Scripting (XSS)	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Improper Authorization	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Information Exposure	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Cross-site Scripting (XSS)	>=3.10.0, <3.10.1
L Information Disclosure	>=3.10.0, <3.10.1 >=3.9.0, <3.9.4 >=3.8.0, <3.8.7
L Denial of Service (DoS)	>=3.10.0, <3.10.1 >=3.9.0, <3.9.4 >=3.8.0, <3.8.7 >3.5.0, <3.5.16
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.2
M Denial of Service (DoS)	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.2 >=3.8.0, <3.8.5 >=3.7.0, <3.7.8
H Privilege Escalation	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Sensitive Data Exposure	>=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Cross-site Scripting (XSS)	>=3.9.0, <3.9.3
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
H Arbitrary Code Execution	>=3.8.0, <3.8.3 >=3.7.0, <3.7.6 >=3.6.0, <3.6.10 >=3.5.0, <3.5.12
H Information Exposure	<3.7.2
L Information Exposure	>=3.6, <3.6.4
M Open Redirect	<3.1.18 >=3.4, <3.4.9 >=3.5, <3.5.6 >=3.6, <3.6.4
L Security Issue	<3.1.17 >=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Permissions Issues	>=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Permissions Issue	>=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Permissions Issues	<3.6.3
M Information Exposure	>=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
L Security Issue	>=3.1.0, <3.1.17 >=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Cross-site Request Forgery (CSRF)	<3.1.15 >=3.2.0, <3.3.9 >=3.4.0, <3.4.6 >=3.5.0, <3.5.3
H Arbitrary Code Execution	<3.1.14 >=3.3.0, <3.3.8 >=3.4.0, <3.4.5 >=3.5.0, <3.5.2
M Cross-site Scripting (XSS)	<3.3.8 >=3.4.0, <3.4.5 >=3.5.0, <3.5.2
H Arbitrary Code Execution	<3.1.13 >=3.3.0, <3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
M Information Exposure	<3.1.13 >=3.3.0, <3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
M Information Exposure	<3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
H Denial of Service (DoS)	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
M Arbitrary File Download	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
M Arbitrary File Download	>3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
H Arbitrary Code Execution	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
C Authentication Bypass	>=3.3, <3.3.5 >=3.4, <3.4.2
M Authentication Bypass	>=3.1, <3.1.11 >=3.2, <3.2.8 >=3.3, <3.3.5 >=3.4, <3.4.2
M Information Exposure	>=3.1, <3.1.9 >=3.2, <3.2.6 >=3.3, <3.3.2
M Cross-site Scripting (XSS)	>=3.1, <3.1.10 >=3.2, <3.2.7 >=3.3, <3.3.4
M Server Side Request Forgery (SSRF)	>=3.1, <3.1.10 >=3.2, <3.2.7 >=3.3, <3.3.4 >=3.4, <3.4.1
M Blacklist Bypass	>=3.4, <3.4.1 >=3.3, <3.3.4 >=3.2, <3.2.7
M Arbitrary E-mail Header Injection	<1.9.16 >=2.0.0, <2.0.7 >=2.1.0, <2.1.4 >=2.2.0, <2.2.1
M Information Exposure	>=3.4, <3.4.1 >=3.3, <=3.3.3 >=3.2, <=3.2.6 >=3.1, <=3.1.9

moodle/moodle vulnerabilities

Moodle - the world's open source learning platform

licenses detected

Direct Vulnerabilities