Source
ghsa
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile: the stream wrapped by the StreamableFile will be kept open.
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking `shell.exec` without sanitization or parametrization while concatenating the current directory as part of the command string.