librenms — Vulnerabilities & Security Advisories 75

Browse all 75 CVE security advisories affecting librenms. AI-powered Chinese analysis, POCs, and references for each vulnerability.

LibreNMS is an open-source network monitoring system designed for automated discovery and comprehensive device tracking, primarily serving IT infrastructure teams. Its architecture, built on PHP and MySQL, has historically exposed it to a significant volume of security flaws, currently totaling 75 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation in web interfaces. Privilege escalation issues have also been prevalent, allowing unauthorized users to gain administrative control. While the project maintains an active community response to patch these defects, the sheer number of disclosed issues highlights the challenges of maintaining complex web-based monitoring tools. Recent incidents have largely focused on authenticated attacks, emphasizing the critical need for strict access controls and regular updates to mitigate exploitation risks in production environments.

Top products by librenms: librenms librenms/librenms
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-3516 | Cross-site Scripting (XSS) - Stored in librenms/librenms — librenms/librenms | CWE-79 | 5.4 | - | 2022-11-20 |
| CVE-2022-3525 | Deserialization of Untrusted Data in librenms/librenms — librenms/librenms | CWE-502 | 9.8 | - | 2022-11-20 |
| CVE-2022-3562 | Cross-site Scripting (XSS) - Stored in librenms/librenms — librenms/librenms | CWE-79 | 5.4 | - | 2022-11-20 |
| CVE-2022-4067 | Cross-site Scripting (XSS) - Stored in librenms/librenms — librenms/librenms | CWE-79 | 5.4 | - | 2022-11-20 |
| CVE-2022-4068 | Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms — librenms/librenms | CWE-915 | 8.2 | - | 2022-11-20 |
| CVE-2022-4069 | Cross-site Scripting (XSS) - Generic in librenms/librenms — librenms/librenms | CWE-79 | 6.1 | - | 2022-11-20 |
| CVE-2022-4070 | Insufficient Session Expiration in librenms/librenms — librenms/librenms | CWE-613 | 9.8 | - | 2022-11-20 |
| CVE-2022-3231 | Cross-site Scripting (XSS) - Stored in librenms/librenms — librenms/librenms | CWE-79 | 5.4 | - | 2022-09-17 |
| CVE-2022-0772 | Cross-site Scripting (XSS) - Stored in librenms/librenms — librenms/librenms | CWE-79 | 5.4 | - | 2022-02-27 |
| CVE-2022-0589 | Cross-site Scripting (XSS) - Stored in librenms/librenms — librenms/librenms | CWE-79 | 5.4 | - | 2022-02-15 |
| CVE-2022-0588 | Missing Authorization in librenms/librenms — librenms/librenms | CWE-862 | 7.1 | High | 2022-02-15 |
| CVE-2022-0587 | Improper Authorization in librenms/librenms — librenms/librenms | CWE-285 | 8.1 | - | 2022-02-15 |
| CVE-2022-0580 | Incorrect Authorization in librenms/librenms — librenms/librenms | CWE-863 | 7.1 | High | 2022-02-14 |
| CVE-2022-0575 | Cross-site Scripting (XSS) - Stored in librenms/librenms — librenms/librenms | CWE-79 | 5.4 | - | 2022-02-13 |
| CVE-2022-0576 | Cross-site Scripting (XSS) - Generic in librenms/librenms — librenms/librenms | CWE-79 | 5.4 | - | 2022-02-13 |

This page lists every published CVE security advisory associated with librenms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.