openemr — Vulnerabilities & Security Advisories (120)

Browse all 120 CVE security advisories affecting openemr. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenEMR is an open-source electronic health record and medical practice management application designed to facilitate patient data management and clinical workflows. Historically, its codebase has exhibited significant security flaws, with over 120 Common Vulnerabilities and Exposures (CVEs) recorded. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls within the PHP-based architecture. Notable incidents include critical flaws allowing unauthenticated attackers to execute arbitrary commands or bypass authentication mechanisms, exposing sensitive patient information. The high volume of historical CVEs reflects challenges in maintaining rigorous security standards across a large, community-driven codebase. While recent updates have addressed many issues, the application’s complexity and extensive feature set continue to present attack surfaces that require diligent patching and configuration hardening to mitigate risks associated with data breaches and unauthorized system access.

Top products by openemr: OpenEMR (openemr/openemr)
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-2943 | Code Injection in openemr/openemr | openemr/openemr | CWE-94 | 8.6 | - | 2023-05-27 |
| CVE-2023-2942 | Improper Input Validation in openemr/openemr | openemr/openemr | CWE-20 | 9.1 | - | 2023-05-27 |
| CVE-2023-2674 | Improper Access Control in openemr/openemr | openemr/openemr | CWE-284 | 4.3 | - | 2023-05-12 |
| CVE-2023-2566 | Cross-site Scripting (XSS) - Stored in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2023-05-08 |
| CVE-2022-4733 | Cross-site Scripting (XSS) - Stored in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-12-24 |
| CVE-2022-4615 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-12-19 |
| CVE-2022-4567 | Improper Access Control in openemr/openemr | openemr/openemr | CWE-284 | 4.3 | - | 2022-12-17 |
| CVE-2022-4502 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-12-15 |
| CVE-2022-4503 | Cross-site Scripting (XSS) - Generic in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-12-15 |
| CVE-2022-4504 | Improper Input Validation in openemr/openemr | openemr/openemr | CWE-20 | 7.5 | - | 2022-12-15 |
| CVE-2022-4505 | Authorization Bypass Through User-Controlled Key in openemr/openemr | openemr/openemr | CWE-639 | 8.8 | High | 2022-12-15 |
| CVE-2022-4506 | Unrestricted Upload of File with Dangerous Type in openemr/openemr | openemr/openemr | CWE-434 | 7.2 | - | 2022-12-15 |
| CVE-2022-2824 | Authorization Bypass Through User-Controlled Key in openemr/openemr | openemr/openemr | CWE-639 | 8.8 | High | 2022-08-15 |
| CVE-2022-2734 | Improper Restriction of Rendered UI Layers or Frames in openemr/openemr | openemr/openemr | CWE-1021 | 5.4 | - | 2022-08-09 |
| CVE-2022-2732 | Missing Authorization in openemr/openemr | openemr/openemr | CWE-862 | 8.3 | High | 2022-08-09 |
| CVE-2022-2733 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-08-09 |
| CVE-2022-2731 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-08-09 |
| CVE-2022-2729 | Cross-site Scripting (XSS) - DOM in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-08-09 |
| CVE-2022-2730 | Authorization Bypass Through User-Controlled Key in openemr/openemr | openemr/openemr | CWE-639 | 8.2 | - | 2022-08-09 |
| CVE-2022-2494 | Cross-site Scripting (XSS) - Stored in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-07-22 |
| CVE-2022-2493 | Data Access from Outside Expected Data Manager Component in openemr/openemr | openemr/openemr | CWE-1083 | 6.5 | - | 2022-07-22 |
| CVE-2022-1461 | Non Privilege User can Enable or Disable Registered in openemr/openemr | openemr/openemr | CWE-1220 | 6.5 | - | 2022-04-25 |
| CVE-2022-1459 | Non-Privilege User Can View Patient’s Disclosures in openemr/openemr | openemr/openemr | CWE-1118 | 6.5 | - | 2022-04-25 |
| CVE-2022-1458 | Stored XSS Leads To Session Hijacking in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-04-25 |
| CVE-2020-13567 | phpGACL SQL injection vulnerability | OpenEMR | CWE-89 | 9.8 | - | 2022-04-18 |
| CVE-2022-1179 | Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-03-30 |
| CVE-2022-1180 | Reflected Cross Site Scripting in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2022-03-30 |
| CVE-2022-1181 | Stored Cross Site Scripting in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-03-30 |
| CVE-2022-1177 | Accounting User Can Download Patient Reports in openemr in openemr/openemr | openemr/openemr | CWE-1220 | 4.3 | - | 2022-03-30 |
| CVE-2022-1178 | Stored Cross Site Scripting in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2022-03-30 |

This page lists every published CVE security advisory associated with openemr. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.