Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

LibreNMS — Vulnerabilities & Security Advisories 75

Browse all 75 CVE security advisories affecting LibreNMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

LibreNMS is an open-source network monitoring system designed for automated discovery and comprehensive device tracking, primarily serving IT infrastructure teams. Its architecture, built on PHP and MySQL, has historically exposed it to a significant volume of security flaws, currently totaling 75 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation in web interfaces. Privilege escalation issues have also been prevalent, allowing unauthorized users to gain administrative control. While the project maintains an active community response to patch these defects, the sheer number of disclosed issues highlights the challenges of maintaining complex web-based monitoring tools. Recent incidents have largely focused on authenticated attacks, emphasizing the critical need for strict access controls and regular updates to mitigate exploitation risks in production environments.

Top products by LibreNMS: librenms librenms/librenms
CVE IDTitleCVSSSeverityPublished
CVE-2024-50355 LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-50352 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-50351 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-50350 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-49759 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-49758 LibreNMS has a stored XSS in ExamplePlugin with Device's Notes — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-49754 LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php — librenmsCWE-79 7.5 High2024-11-15
CVE-2024-47523 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature — librenmsCWE-79 7.5 High2024-10-01
CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name — librenmsCWE-79 7.2 High2024-10-01
CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php — librenmsCWE-79 7.5 High2024-10-01
CVE-2024-47526 LibreNMS has a Self-XSS ('Cross-site Scripting') in librenms/includes/html/modal/alert_template.inc.php — librenmsCWE-79 3.5 Low2024-10-01
CVE-2024-47527 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php — librenmsCWE-79 7.5 High2024-10-01
CVE-2024-47528 LibreNMS Contains a Stored XSS via File Upload — librenmsCWE-116 4.8 -2024-10-01
CVE-2024-32480 LibreNMS's Time-Based Blind SQL injection leads to database extraction — librenmsCWE-89 7.2 High2024-04-22
CVE-2024-32479 LibreNMS's Improper Sanitization on Service template name leads to Stored XSS — librenmsCWE-79 7.1 High2024-04-22
CVE-2024-32461 LibreNMS vulnerable to time-based SQL injection that leads to database extraction — librenmsCWE-89 7.1 High2024-04-22
CVE-2023-46745 Rate limiting Bypass on login page in libreNMS — librenmsCWE-307 5.3 Medium2023-11-17
CVE-2023-48294 Broken Access control on Graphs Feature in LibreNMS — librenmsCWE-200 4.3 Medium2023-11-17
CVE-2023-48295 Cross-site Scripting at Device groups Deletion feature in LibreNMS — librenmsCWE-79 6.3 Medium2023-11-17
CVE-2023-5591 SQL Injection in librenms/librenms — librenms/librenmsCWE-89 6.5 -2023-10-16
CVE-2023-5060 Cross-site Scripting (XSS) - DOM in librenms/librenms — librenms/librenmsCWE-79 5.4 -2023-09-19
CVE-2023-4982 Cross-site Scripting (XSS) - Stored in librenms/librenms — librenms/librenmsCWE-79 5.4 -2023-09-15
CVE-2023-4981 Cross-site Scripting (XSS) - DOM in librenms/librenms — librenms/librenmsCWE-79 5.4 -2023-09-15
CVE-2023-4980 Cross-site Scripting (XSS) - Generic in librenms/librenms — librenms/librenmsCWE-79 5.4 -2023-09-15
CVE-2023-4978 Cross-site Scripting (XSS) - DOM in librenms/librenms — librenms/librenmsCWE-79 5.4 -2023-09-15
CVE-2023-4977 Code Injection in librenms/librenms — librenms/librenmsCWE-94 6.0 -2023-09-15
CVE-2023-4979 Cross-site Scripting (XSS) - Reflected in librenms/librenms — librenms/librenmsCWE-79 6.1 -2023-09-15
CVE-2023-4347 Cross-site Scripting (XSS) - Reflected in librenms/librenms — librenms/librenmsCWE-79 6.1 -2023-08-15
CVE-2022-3561 Cross-site Scripting (XSS) - Generic in librenms/librenms — librenms/librenmsCWE-79 6.1 -2022-11-20

This page lists every published CVE security advisory associated with LibreNMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.