Openedx Platform
by Openedx
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68270 | Openedx / Openedx Platform | Critical | 0.64 | 9.9 | 0.00 | | Dec 16, 2025 | The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and… |
| CVE-2026-42858 | Openedx / Openedx Platform | High | 0.48 | 8.5 | 0.00 | | May 11, 2026 | Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed… |
| CVE-2015-6671 | Openedx / Openedx Platform | Medium | 0.38 | 5.9 | 0.01 | | Mar 13, 2017 | Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. |
| CVE-2026-34736 | Openedx / Openedx Platform | Medium | 0.27 | 5.3 | 0.00 | | Apr 2, 2026 | Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens… |
| CVE-2025-47942 | Openedx / Openedx Platform | Medium | 0.27 | 5.3 | 0.00 | | May 21, 2025 | The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or… |
| CVE-2024-41806 | Openedx / Openedx Platform | Medium | 0.27 | 5.3 | 0.00 | | Jul 25, 2024 | The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become… |
| CVE-2026-42857 | Openedx / Openedx Platform | Medium | 0.23 | 4.6 | 0.00 | | May 11, 2026 | Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with… |
| CVE-2024-22209 | Openedx / Openedx Platform | | 0.00 | — | 0.01 | | Jan 13, 2024 | Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f. |
| CVE-2022-32195 | Openedx / Openedx Platform | | 0.00 | — | 0.02 | | Jun 9, 2022 | Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. |
| CVE-2021-39248 | Openedx / Openedx Platform | | 0.00 | — | 0.01 | | Aug 17, 2021 | Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion. |