194 matches found
EUVD-2020-5420
Malware in sbrugna...
EUVD-2019-11056
Malware in sbrugna...
EUVD-2019-11057
Malware in sbrugna...
EUVD-2017-9497
Malware in sbrugna...
EUVD-2021-25610
Malware in sbrugna...
EUVD-2024-39195
Malicious code in bioql PyPI...
EUVD-2023-0127
Malicious code in bioql PyPI...
EUVD-2022-53406
Malicious code in bioql PyPI...
EUVD-2024-40448
Malicious code in bioql PyPI...
EUVD-2024-46125
Malicious code in bioql PyPI...
EUVD-2025-28136
Malicious code in bioql PyPI...
EUVD-2024-19785
Malicious code in bioql PyPI...
CVE-2025-47942
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
CVE-2024-41806
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
CVE-2024-22209
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...
CVE-2022-32195
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...
CVE-2021-39248
Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion...
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "ContentFile Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS...
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New courseNew sectionNew subsectionNew unitAdd new componentProblem buttonAdvanced tabCustom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code...
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...