99 matches found
EUVD-2025-28136
Malicious code in bioql PyPI...
CVE-2025-47942
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
CVE-2024-41806
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
CVE-2024-22209
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...
CVE-2018-20859
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem...
CVE-2015-6253
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses...
CVE-2015-6960
edx-platform before 2015-09-17 allows XSS via a team name...
CVE-2015-5601
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...
CVE-2025-47942
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
CVE-2025-47942 Learners on edX Platform can download python_lib.zip
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
CVE-2025-47942 Learners on edX Platform can download python_lib.zip
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
CVE-2025-47942 Learners on edX Platform can download python_lib.zip
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
PT-2025-22436 · Unknown · Open Edx Platform
Name of the Vulnerable Software and Affected Versions: The Open edX Platform versions prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba Description: The issue concerns the Open edX Platform, a learning management platform, where prior to a specific commit, there was no built-in protection...
Open edX Platform 安全漏洞
Open edX Platform is an open source course management system CMS from Open edX Open Source. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A security vulnerability exists in versions prior to Open edX Platform 6740e75, which stems fro...
CVE-2024-43782
Technical details about CVE-2024-43782 are not publicly provided in the supplied documents. Monitor for updates as affected versions, exploit availability, and fixes may be disclosed in future advisories.
CVE-2024-43782 openedx-translations's Atlas translations for Open edX missing validation
This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using...
CVE-2024-43782 openedx-translations's Atlas translations for Open edX missing validation
This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using...
PT-2024-30652 · Open Edx +1 · Openedx-Atlas +4
Name of the Vulnerable Software and Affected Versions: openedx-translations affected versions not specified edx-platform versions from 'redwood' to 'master' Description: The openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex...
The vulnerability of the AWS S3 Bucket Handler component of the online training platform Open edX, which allows a hacker to expose protected information.
The vulnerability of the AWS S3 Bucket Handler component of the online training platform Open edX Platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
CVE-2024-41806
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...