Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

librenms — Vulnerabilities & Security Advisories 75

Browse all 75 CVE security advisories affecting librenms. AI-powered Chinese analysis, POCs, and references for each vulnerability.

LibreNMS is an open-source network monitoring system designed for automated discovery and comprehensive device tracking, primarily serving IT infrastructure teams. Its architecture, built on PHP and MySQL, has historically exposed it to a significant volume of security flaws, currently totaling 75 recorded CVEs. Common vulnerability classes include remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation in web interfaces. Privilege escalation issues have also been prevalent, allowing unauthorized users to gain administrative control. While the project maintains an active community response to patch these defects, the sheer number of disclosed issues highlights the challenges of maintaining complex web-based monitoring tools. Recent incidents have largely focused on authenticated attacks, emphasizing the critical need for strict access controls and regular updates to mitigate exploitation risks in production environments.

Found 50 results / 75Clear Filters
Top products by librenms: librenms librenms/librenms
CVE IDTitleCVSSSeverityPublished
CVE-2026-6204 LibreNMS 安全漏洞 — librenmsCWE-78 7.2 -2026-04-13
CVE-2026-2728 LibreNMS 安全漏洞 — librenmsCWE-79 4.8 -2026-04-13
CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name — librenmsCWE-79 4.8 -2026-02-20
CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name — librenmsCWE-79 4.8 -2026-02-20
CVE-2026-27016 LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags() — librenmsCWE-79 5.4 Medium2026-02-20
CVE-2026-26990 LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php — librenmsCWE-89 8.8 High2026-02-20
CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule — librenmsCWE-79 4.3 Medium2026-02-20
CVE-2026-26988 LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream — librenmsCWE-89 9.8 -2026-02-20
CVE-2026-26987 LibreNMS affected by reflected XSS via email field — librenmsCWE-79 6.1 -2026-02-20
CVE-2020-36947 LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection — LibreNMSCWE-89 7.1 High2026-01-27
CVE-2025-68614 LibreNMS Alert Rule API Cross-Site Scripting Vulnerability — librenmsCWE-79 4.3 Medium2025-12-22
CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint — librenmsCWE-89 5.5 Medium2025-11-18
CVE-2025-65014 LibreNMS has Weak Password Policy — librenmsCWE-521 3.7 Low2025-11-18
CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name` — librenmsCWE-79 6.2 Medium2025-11-18
CVE-2025-62412 LibreNMS alert-rules Cross-Site Scripting Vulnerability — librenmsCWE-79 3.8 Low2025-10-16
CVE-2025-62411 Stored XSS in Alert Transport name field in LibreNMS — librenmsCWE-79 5.5 Medium2025-10-16
CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function — librenmsCWE-79 6.1AIMediumAI2025-10-13
CVE-2025-55296 LibreNMS allows stored XSS in Alert Template name field — librenmsCWE-79 5.5 Medium2025-08-18
CVE-2025-54138 LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE — librenmsCWE-98 7.5 High2025-07-22
CVE-2025-47931 LibreNMS stored Cross-site Scripting vulnerability in poller group name — librenmsCWE-79 5.4AIMediumAI2025-05-17
CVE-2024-56144 Stored XSS-LibreNMS-Display Name 2 in librenms — librenmsCWE-79 4.6 Medium2025-01-16
CVE-2025-23198 Stored-XSS-LibreNMS-Display-Name in librenms — librenmsCWE-79 4.6 Medium2025-01-16
CVE-2025-23199 Stored XSS-LibreNMS-Ports in librenms — librenmsCWE-79 4.6 Medium2025-01-16
CVE-2025-23200 Stored XSS-LibreNMS-Misc Section in librenms — librenmsCWE-79 4.6 Medium2025-01-16
CVE-2025-23201 Reflected Cross-site Scripting on error alert in librenms — librenmsCWE-79 5.4 Medium2025-01-16
CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-51497 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-51496 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-51495 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php — librenmsCWE-79 4.8 Medium2024-11-15
CVE-2024-51494 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php — librenmsCWE-79 4.8 Medium2024-11-15

This page lists every published CVE security advisory associated with librenms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.