OpenEMR — Vulnerabilities & Security Advisories 120

Browse all 120 CVE security advisories affecting OpenEMR. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenEMR is an open-source electronic health record and medical practice management application designed to facilitate patient data management and clinical workflows. Historically, its codebase has exhibited significant security flaws, with over 120 Common Vulnerabilities and Exposures (CVEs) recorded. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls within the PHP-based architecture. Notable incidents include critical flaws allowing unauthenticated attackers to execute arbitrary commands or bypass authentication mechanisms, exposing sensitive patient information. The high volume of historical CVEs reflects challenges in maintaining rigorous security standards across a large, community-driven codebase. While recent updates have addressed many issues, the application’s complexity and extensive feature set continue to present attack surfaces that require diligent patching and configuration hardening to mitigate risks associated with data breaches and unauthorized system access.

Found 37 results / 120
Top products by OpenEMR: OpenEMR openemr/openemr
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-0875 | Stored XSS in openemr/openemr | openemr/openemr | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2023-05-28 |
| CVE-2023-2949 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2023-05-28 |
| CVE-2023-2950 | Improper Authorization in openemr/openemr | openemr/openemr | CWE-285 | 7.1 | - | 2023-05-28 |
| CVE-2023-2946 | Improper Access Control in openemr/openemr | openemr/openemr | CWE-284 | 5.4 | - | 2023-05-27 |
| CVE-2023-2947 | Cross-site Scripting (XSS) - Stored in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2023-05-27 |
| CVE-2023-2945 | Missing Authorization in openemr/openemr | openemr/openemr | CWE-862 | 6.5 | - | 2023-05-27 |
| CVE-2023-2944 | Improper Access Control in openemr/openemr | openemr/openemr | CWE-284 | 5.4 | - | 2023-05-27 |
| CVE-2023-2943 | Code Injection in openemr/openemr | openemr/openemr | CWE-94 | 8.6 | - | 2023-05-27 |
| CVE-2023-2942 | Improper Input Validation in openemr/openemr | openemr/openemr | CWE-20 | 9.1 | - | 2023-05-27 |
| CVE-2023-2674 | Improper Access Control in openemr/openemr | openemr/openemr | CWE-284 | 4.3 | - | 2023-05-12 |
| CVE-2023-2566 | Cross-site Scripting (XSS) - Stored in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2023-05-08 |
| CVE-2022-4733 | Cross-site Scripting (XSS) - Stored in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-12-24 |
| CVE-2022-4615 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-12-19 |
| CVE-2022-4567 | Improper Access Control in openemr/openemr | openemr/openemr | CWE-284 | 4.3 | - | 2022-12-17 |
| CVE-2022-4503 | Cross-site Scripting (XSS) - Generic in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-12-15 |
| CVE-2022-4506 | Unrestricted Upload of File with Dangerous Type in openemr/openemr | openemr/openemr | CWE-434 | 7.2 | - | 2022-12-15 |
| CVE-2022-4505 | Authorization Bypass Through User-Controlled Key in openemr/openemr | openemr/openemr | CWE-639 | 8.8 | High | 2022-12-15 |
| CVE-2022-4504 | Improper Input Validation in openemr/openemr | openemr/openemr | CWE-20 | 7.5 | - | 2022-12-15 |
| CVE-2022-4502 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-12-15 |
| CVE-2022-2824 | Authorization Bypass Through User-Controlled Key in openemr/openemr | openemr/openemr | CWE-639 | 8.8 | High | 2022-08-15 |
| CVE-2022-2734 | Improper Restriction of Rendered UI Layers or Frames in openemr/openemr | openemr/openemr | CWE-1021 | 5.4 | - | 2022-08-09 |
| CVE-2022-2732 | Missing Authorization in openemr/openemr | openemr/openemr | CWE-862 | 8.3 | High | 2022-08-09 |
| CVE-2022-2733 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-08-09 |
| CVE-2022-2731 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-08-09 |
| CVE-2022-2729 | Cross-site Scripting (XSS) - DOM in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-08-09 |
| CVE-2022-2730 | Authorization Bypass Through User-Controlled Key in openemr/openemr | openemr/openemr | CWE-639 | 8.2 | - | 2022-08-09 |
| CVE-2022-2494 | Cross-site Scripting (XSS) - Stored in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-07-22 |
| CVE-2022-2493 | Data Access from Outside Expected Data Manager Component in openemr/openemr | openemr/openemr | CWE-1083 | 6.5 | - | 2022-07-22 |
| CVE-2022-1461 | Non Privilege User can Enable or Disable Registered in openemr/openemr | openemr/openemr | CWE-1220 | 6.5 | - | 2022-04-25 |

This page lists every published CVE security advisory associated with OpenEMR. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.