Product
openedx
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-42860
Affected versions: >= 7.0.2 and < 7.0.5
The Open edX Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_

CVE-2026-42858
Affected versions: < 2026-04-24
Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProvi

CVE-2026-42857
Affected versions: < 2026-04-24
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body()

CVE-2026-35404
Affected versions: <= 2026-04-02
Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_

CVE-2024-43782
Affected versions: all versions
This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Befo

CVE-2023-23611
Affected versions: >= 7.0.0 and < 7.2.2
LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools.

CVE-2022-46147
Affected versions: < 3.0.0
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Ve

CVE-2022-32195
Affected versions: < 2022-06-06
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.

CVE-2019-20513
Affected versions: all versions
Open edX Ironwood.1 allows support/certificates?user= reflected XSS.

CVE-2019-20512
Affected versions: all versions
Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS.

CVE-2015-2286
Affected versions: <= 2015-01-27
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-rese