Browse all 120 CVE security advisories affecting OpenEMR. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenEMR is an open-source electronic health record and medical practice management application designed to facilitate patient data management and clinical workflows. Historically, its codebase has exhibited significant security flaws, with over 120 Common Vulnerabilities and Exposures (CVEs) recorded. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls within the PHP-based architecture. Notable incidents include critical flaws allowing unauthenticated attackers to execute arbitrary commands or bypass authentication mechanisms, exposing sensitive patient information. The high volume of historical CVEs reflects challenges in maintaining rigorous security standards across a large, community-driven codebase. While recent updates have addressed many issues, the application’s complexity and extensive feature set continue to present attack surfaces that require diligent patching and configuration hardening to mitigate risks associated with data breaches and unauthorized system access.
CVE-2026-279432026-02-26CVE-2026-259272026-02-26CVE-2026-259292026-02-26CVE-2026-259302026-02-26CVE-2026-257432026-02-26CVE-2026-252202026-02-26CVE-2026-249082026-02-26CVE-2026-254762026-02-26CVE-2026-236272026-02-26CVE-2026-251352026-02-25CVE-2026-251272026-02-25CVE-2026-251312026-02-25CVE-2026-251242026-02-25CVE-2025-682772026-02-25CVE-2025-677522026-02-25CVE-2025-543732026-01-28Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with OpenEMR. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.