Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

openedx — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting openedx. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Open edX is an open-source learning management platform used by educational institutions and organizations to deliver online courses. Historically, the platform has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 9 CVEs currently documented. Security researchers have identified common weaknesses in authentication mechanisms, input validation, and access controls. While no major public security incidents have been widely reported, the platform's open nature requires regular security updates and careful configuration to mitigate risks. Organizations implementing Open edX must prioritize security hardening and continuous monitoring to address potential threats and protect sensitive educational data.

CVE IDTitleCVSSSeverityPublished
CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint — edx-enterpriseCWE-918 8.5 High2026-05-11
CVE-2026-42857 Open edX Platform: Stored CSS Injection in Email Notifications via Incomplete HTML Sanitization — openedx-platformCWE-79 4.6 Medium2026-05-11
CVE-2026-42858 Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint — openedx-platformCWE-918 8.5 High2026-05-11
CVE-2026-35404 Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter — openedx-platformCWE-601 4.7 Medium2026-04-06
CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API — openedx-platformCWE-287 5.3 Medium2026-04-02
CVE-2025-68270 CourseLimitedStaff Role Allows Studio Access — edx-platformCWE-862 9.9 Critical2025-12-16
CVE-2025-47942 Learners on edX Platform can download python_lib.zip — edx-platformCWE-862 5.3 Medium2025-05-21
CVE-2024-43782 openedx-translations's Atlas translations for Open edX missing validation — openedx-translationsCWE-74 7.7 High2024-08-23
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default — edx-platformCWE-284 5.3 Medium2024-07-25
CVE-2024-22209 XBlock custom auth does not respect JWT Scopes — edx-platformCWE-284 6.4 Medium2024-01-13
CVE-2023-23611 xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation — xblock-lti-consumerCWE-862 5.4 Medium2023-01-25
CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields — xblock-drag-and-drop-v2CWE-79 8.4 High2022-11-28

This page lists every published CVE security advisory associated with openedx. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.