CVE-2020-27818

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

CVE-2023-5542

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

CVE-2022-40316

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.