Nixpkgs Security Tracker

Permalink CVE-2026-26047

created 50 minutes ago

Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.

Affected products

moodle

<4.5.9
<5.0.5
<5.1.2

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2026-26045

created 50 minutes ago

Moodle: moodle: improper validation in file restore functionality leading to remote code execution

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

Affected products

moodle

<4.5.9
<5.0.5
<5.1.2

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2026-26046

created 50 minutes ago

Moodle: moodle: improper input sanitization in tex filter administration setting

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

Affected products

moodle

<4.5.9
<5.0.5
<5.1.2

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2012-1168

created 3 days, 18 hours ago

Moodle before 2.2.2 has a password and web services issue …

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

Affected products

Moodle

==2.0 to 2.0.7+
==2.2 to 2.2.1+
==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2012-1155

created 3 days, 19 hours ago

Moodle has a database activity export permission issue where the …

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

Affected products

Moodle

==1.9.x
==2.1.x
==2.2.x
==2.0.x

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2012-1158

created 3 days, 19 hours ago

Moodle before 2.2.2 has a course information leak in gradebook …

Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export

Affected products

Moodle

==2.2 to 2.2.1+
==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2012-1159

created 3 days, 20 hours ago

Moodle before 2.2.2: Overview report allows users to see hidden …

Moodle before 2.2.2: Overview report allows users to see hidden courses

Affected products

Moodle

==2.2 to 2.2.1+
==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2012-1156

created 3 days, 20 hours ago

Moodle before 2.2.2 has users' private files included in course …

Moodle before 2.2.2 has users' private files included in course backups

Affected products

Moodle

==2.0 to 2.0.7+
==2.2 to 2.2.1+
==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2012-1161

created 3 days, 21 hours ago

Moodle before 2.2.2: Course information leak via hidden courses being …

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

Affected products

Moodle

==2.2 to 2.2.1+
==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Permalink CVE-2012-1157

created 3 days, 22 hours ago

Moodle before 2.2.2 has a default repository capabilities issue where …

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

Affected products

Moodle

==2.0 to 2.0.7+
==2.2 to 2.2.1+
==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.1.1
- nixos-unstable-small 5.1.1
nixos-25.11 5.0.4
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 2.3.13
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Suggestions search

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers