pkg:Packagist/librenms/librenms

101 total CVEsCRITICAL7HIGH36MEDIUM46LOW5

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2022-4070Insufficient Session Expiration in librenms/librenms
from 0, < 22.10.0
CRITICAL9.8CVE-2019-10665LibreNMS Information Disclosure
from 0, <= 1.47
CRITICAL9.8CVE-2018-20434LibreNMS arbitrary OS commands execution
CRITICAL9.8CVE-2021-44278Path traversal in librenms/librenms
from 0, <= 21.11.0
CRITICAL9.3CVE-2026-26988LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.
from 0, < 26.2.0
CRITICAL9.1CVE-2024-51092LibreNMS has an Authenticated OS Command Injection
from 0, < 24.10.0
CRITICAL9.1CVE-2019-10668Missing Authentication for Critical Function in LibreNMS
from 0, < 1.50.1
HIGH8.8CVE-2026-26990LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php
from 0, < 26.2.0
HIGH8.8CVE-2024-32461LibreNMS vulnerable to SQL injection time-based leads to database extraction
from 0, < 24.4.0
HIGH8.8CVE-2022-3525Deserialization of Untrusted Data in librenms/librenms
from 0, < 22.10.0
HIGH8.8CVE-2018-20678LibreNMS SQL Injection
from 0, < 1.65
HIGH8.8CVE-2020-15877Exposure of Resource to Wrong Sphere in LibreNMS
from 0, < 1.65.1
HIGH8.8CVE-2020-35700SQL Injection in librenms
from 0, < 21.1.0
HIGH8.8CVE-2019-10671SQL Injection in LibreNMS
from 0, < 1.50.1
HIGH8.8CVE-2019-12463Improper Encoding or Escaping of Output and Injection in LibreNMS
>= 1.50.1, < 1.53
HIGH8.4CVE-2023-5060Cross site scripting in librenms
from 0, < 23.9.1
HIGH8.1CVE-2019-12465SQL Injection in LibreNMS
from 0, < 1.53
HIGH7.8CVE-2023-5591SQL injection in librenms/librenms
from 0, < 23.10.0
HIGH7.6CVE-2023-4347LibreNMS Cross-site Scripting vulnerability
from 0, < 23.8.0
HIGH7.6CVE-2022-4068Cross-site Scripting in librenms/librenms
from 0, < 22.10.0
HIGH7.5CVE-2025-54138LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
from 0, < 25.7.0
HIGH7.5CVE-2024-52526LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
from 0, < 24.10.0
HIGH7.5CVE-2024-51497LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
from 0, < 24.10.0
HIGH7.5CVE-2024-51496LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
from 0, < 24.10.0
HIGH7.5CVE-2024-51495LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
from 0, < 24.10.0
HIGH7.5CVE-2024-51494LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
from 0, < 24.10.0
HIGH7.5CVE-2024-50352LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
from 0, < 24.10.0
HIGH7.5CVE-2024-50351LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
from 0, < 24.10.0
HIGH7.5CVE-2024-50350LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
from 0, < 24.10.0
HIGH7.5CVE-2024-49764LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
from 0, < 24.10.0
HIGH7.5CVE-2024-49759Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
from 0, < 24.10.0
HIGH7.5CVE-2024-49754LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
from 0, < 24.10.0
HIGH7.5CVE-2024-47523LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
from 0, < 24.9.0
HIGH7.5CVE-2024-47525LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
from 0, < 24.9.0
HIGH7.5CVE-2024-47527LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
from 0, < 24.9.0
HIGH7.5CVE-2019-12464Path Traversal in LibreNMS
from 0, < 1.53
HIGH7.2CVE-2024-50355LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
from 0, < 24.10.0
HIGH7.2CVE-2024-47524LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
from 0, < 24.9.0
HIGH7.2CVE-2024-32480LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
from 0, < 24.4.0
HIGH7.1CVE-2020-36947LibreNMS contains an authenticated SQL Injection vulnerability
from 0, <= 1.46
HIGH7.1CVE-2024-32479LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
from 0, < 24.4.0
HIGH7.1CVE-2022-0580Improper Access Control in librenms
from 0, < 22.2.0
HIGH7.1CVE-2022-0587Improper Authorization in librenms
from 0, < 22.2.0
MEDIUM6.8CVE-2024-49758LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
from 0, < 24.10.0
MEDIUM6.5CVE-2020-15873LibreNMS SQL Injection vulnerability
from 0, < 1.65.1
MEDIUM6.5CVE-2022-0588Missing Authorization in librenms/librenms
from 0, < 22.2.0
MEDIUM6.3CVE-2023-48295LibreNMS Cross-site Scripting at Device groups Deletion feature
from 0, < 23.11.0
MEDIUM6.2CVE-2025-65013LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
from 0, < 25.11.0
MEDIUM6.1CVE-2023-4978LibreNMS Cross-site Scripting vulnerability
from 0, < 23.9.0
MEDIUM6.1CVE-2022-3561Cross-site Scripting in librenms/librenms
from 0, < 22.10.0
MEDIUM6.1CVE-2022-3516Cross-site Scripting in librenms/librenms
from 0, < 22.10.0
MEDIUM6.1CVE-2022-36746LibreNMS vulnerable to Cross-Site Scripting (XSS)
from 0, < 22.7.0
MEDIUM6.1CVE-2022-36745LibreNMS vulnerable to Cross-Site Scripting (XSS)
from 0, < 22.7.0
MEDIUM6.1CVE-2022-29711Cross site scripting in librenms
from 0, < 22.4.0
MEDIUM6.1CVE-2018-18478LibreNMS XSS Vulnerability
from 0, < 1.44
MEDIUM6.1CVE-2022-0576Cross-site Scripting in librenms
from 0, < 22.1.0
MEDIUM6.1CVE-2021-44279Cross-site Scripting in LibreNMS
from 0, <= 21.11.0
MEDIUM6.1CVE-2021-44277Cross-site Scripting in LibreNMS
from 0, <= 21.11.0
MEDIUM6.1CVE-2021-43324Cross-site Scripting in LibreNMS
from 0, < 21.11.0
MEDIUM5.9CVE-2017-16759LibreNMS Arbitrary File Read
from 0, < 1.31
MEDIUM5.5CVE-2025-65093LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
from 0, < 25.11.0
MEDIUM5.5CVE-2025-62411LibreNMS has a Stored XSS vulnerability in its Alert Transport name field
from 0, < 25.10.0
MEDIUM5.5CVE-2025-55296LibreNMS allows stored XSS in Alert Template name field
from 0, < 25.8.0
MEDIUM5.4CVE-2026-27016LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()
>= 24.10.0, < 26.2.0
MEDIUM5.4CVE-2025-23201Librenms has a reflected XSS on error alert
from 0, < 24.11.0
MEDIUM5.4CVE-2024-53457LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
>= 24.9.0, < 24.11.0
MEDIUM5.4CVE-2023-4982LibreNMS Cross-site Scripting vulnerability
from 0, < 23.9.0
MEDIUM5.4CVE-2023-4979LibreNMS Cross-site Scripting vulnerability
from 0, < 23.9.0
MEDIUM5.4CVE-2023-4981LibreNMS Cross-site Scripting vulnerability
from 0, < 23.9.0
MEDIUM5.4CVE-2023-4980LibreNMS Cross-site Scripting vulnerability
from 0, < 23.9.0
MEDIUM5.4CVE-2023-4977LibreNMS Code Injection vulnerability
from 0, < 23.9.0
MEDIUM5.4CVE-2022-4067Cross-site Scripting in librenms/librenms
from 0, < 22.10.0
MEDIUM5.4CVE-2022-3562Cross-site Scripting in librenms/librenms
from 0, < 22.10.0
MEDIUM5.4CVE-2022-3231LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
from 0, < 22.9.0
MEDIUM5.4CVE-2022-0589Cross-site Scripting in librenms
from 0, < 22.1.0
MEDIUM5.4CVE-2022-0575Cross-site Scripting in librenms
from 0, < 22.2.0
MEDIUM5.4CVE-2021-31274Cross-site Scripting in LibreNMS
from 0, < 21.3.0
MEDIUM5.3CVE-2023-46745LibreNMS vulnerable to rate limiting bypass on login page
from 0, < 23.11.0
MEDIUM5.3CVE-2019-10667Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
from 0, < 1.50.1
MEDIUM4.8CVE-2024-47528LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
from 0, < 24.9.0
MEDIUM4.8CVE-2022-4069Cross-site Scripting in librenms/librenms
from 0, < 22.10.0
MEDIUM4.8CVE-2022-0772Cross site scripting in LibreNMS
from 0, < 22.2.2
MEDIUM4.6CVE-2025-23200LibreNMS Misc Section Stored Cross-site Scripting vulnerability
>= 23.9.0, < 24.11.0
MEDIUM4.6CVE-2025-23199LibreNMS Ports Stored Cross-site Scripting vulnerability
from 0, < 24.11.0
MEDIUM4.6CVE-2025-23198LibreNMS Display Name Stored Cross-site Scripting vulnerability
>= 24.9.0, < 24.11.0
MEDIUM4.6CVE-2024-56144LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability
>= 24.11.10, < 24.12.0
MEDIUM4.3CVE-2026-26989LibreNMS has a Stored XSS in Alert Rule
from 0, < 26.2.0
MEDIUM4.3CVE-2025-68614LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
from 0, < 25.12.0
MEDIUM4.3CVE-2023-48294LibreNMS has Broken Access control on Graphs Feature
from 0, < 23.11.0
LOW3.8CVE-2025-62412LibreNMS alert-rules has a Cross-Site Scripting Vulnerability
from 0, < 25.10.0
LOW3.7CVE-2025-65014LibreNMS has Weak Password Policy
from 0, < 25.11.0
LOW3.5CVE-2026-2728LibreNMS: Cross-Site Scripting in ShowConfigController
from 0, < 26.3.0
LOW3.5CVE-2026-2728LibreNMS: Cross-Site Scripting in ShowConfigController
>= 25.12.0, < 26.3.0
LOW3.5CVE-2024-47526LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
from 0, < 24.9.0
—CVE-2026-6204LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
>= 1.48, < 26.3.0
—CVE-2026-26992LibreNMS /port-groups name Stored Cross-Site Scripting
from 0, < 26.2.0
—CVE-2026-26991LibreNMS /device-groups name Stored Cross-Site Scripting
from 0, < 26.2.0
—CVE-2026-26987LibreNMS affected by reflected xss via email field
from 0, < 26.2.0
—CVE-2025-62365LibreNMS is vulnerable to Reflected-XSS in `report_this` function
from 0, < 25.7.0
—CVE-2025-47931LibreNMS stored Cross-site Scripting vulnerability in poller group name
from 0, < 25.5.0
—CVE-2022-29712Command injection in librenms
from 0, < 22.4.0