librenms/librenms Security Advisories for 1.39 (74)
-
[MEDIUM] Librenms has a reflected XSS on error alert
PKSA-wm61-7jpt-8qtq CVE-2025-23201 GHSA-g84x-g96g-rcjc
Affected version: <=24.10.1
Reported by:
GitHub -
[MEDIUM] LibreNMS Ports Stored Cross-site Scripting vulnerability
PKSA-6hkp-rngj-sfhp CVE-2025-23199 GHSA-27vf-3g4f-6jp7
Affected version: <24.10.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
PKSA-8417-9f2m-4f18 CVE-2024-52526 GHSA-8fh4-942r-jf2g
Affected version: <=24.9.1
Reported by:
GitHub -
[CRITICAL] LibreNMS has an Authenticated OS Command Injection
PKSA-h2yt-ck16-pnsc CVE-2024-51092 GHSA-x645-6pf9-xwxw
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
PKSA-dvsv-s8nn-9mk5 CVE-2024-51497 GHSA-gv4m-f6fx-859x
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
PKSA-wh3m-km32-g613 CVE-2024-51496 GHSA-28p7-f6h6-3jh3
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
PKSA-km6n-48z2-nq7j CVE-2024-51495 GHSA-p66q-ppwr-q5j8
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
PKSA-3ph9-yzgt-sqfw CVE-2024-51494 GHSA-7663-37rg-c377
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
PKSA-xz8r-g47r-9wyx CVE-2024-50355 GHSA-4m5r-w2rq-q54q
Affected version: <=24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
PKSA-qpyt-p5td-8rqq CVE-2024-50352 GHSA-qr8f-5qqg-j3wg
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
PKSA-zwgv-hsv9-bqx7 CVE-2024-50351 GHSA-v7w9-63xh-6r3w
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
PKSA-tkc5-5hm7-wc1w CVE-2024-50350 GHSA-xh4g-c9p6-5jxg
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
PKSA-7gfj-rwjs-mdc6 CVE-2024-49764 GHSA-rmr4-x6c9-jc68
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
PKSA-d996-rv6y-5r46 CVE-2024-49759 GHSA-888j-pjqh-fx58
Affected version: <=24.9.1
Reported by:
GitHub -
[MEDIUM] LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
PKSA-gzkw-wrwk-5my1 CVE-2024-49758 GHSA-c86q-rj37-8f85
Affected version: <=24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
PKSA-knhw-5drh-jk8b CVE-2024-49754 GHSA-gfwr-xqmj-j27v
Affected version: <=24.9.1
Reported by:
GitHub -
[LOW] LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
PKSA-n7p4-zf3z-2mtf CVE-2024-47528 GHSA-x8gm-j36p-fppf
Affected version: <24.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
PKSA-6p9c-x5jf-zqsy CVE-2024-47523 GHSA-7f84-28qh-9486
Affected version: <24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
PKSA-y8kq-my2g-47kx CVE-2024-47524 GHSA-fc38-2254-48g7
Affected version: <24.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
PKSA-8hhb-2cz5-4n8w CVE-2024-47525 GHSA-j2j9-7pr6-xqwv
Affected version: <24.9.0
Reported by:
GitHub -
[LOW] LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
PKSA-gft3-nv99-cjj1 CVE-2024-47526 GHSA-gcgp-q2jq-fw52
Affected version: <24.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
PKSA-7565-8pyc-txxc CVE-2024-47527 GHSA-rwwc-2v8q-gc9v
Affected version: <24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
PKSA-wskr-mbrz-ct8p CVE-2024-32480 GHSA-jh57-j3vq-h438
Affected version: <24.4.0
Reported by:
GitHub -
[HIGH] LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
PKSA-g1ms-vbct-y8y2 CVE-2024-32479 GHSA-72m9-7c8x-pmmw
Affected version: <24.4.0
Reported by:
GitHub -
[HIGH] LibreNMS vulnerable to SQL injection time-based leads to database extraction
PKSA-cqy2-j4sq-mj1m CVE-2024-32461 GHSA-cwx6-cx7x-4q34
Affected version: <24.4.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has Broken Access control on Graphs Feature
PKSA-dy6r-dy8y-9wrb CVE-2023-48294 GHSA-fpq5-4vwm-78x4
Affected version: <23.11.0
Reported by:
GitHub -
[MEDIUM] LibreNMS Cross-site Scripting at Device groups Deletion feature
PKSA-pkpr-46hb-bg9j CVE-2023-48295 GHSA-8phr-637g-pxrg
Affected version: <23.11.0
Reported by:
GitHub -
[MEDIUM] LibreNMS vulnerable to rate limiting bypass on login page
PKSA-z23c-gbcv-4pv2 CVE-2023-46745 GHSA-rq42-58qf-v3qx
Affected version: <23.11.0
Reported by:
GitHub -
[HIGH] SQL injection in librenms/librenms
PKSA-xq48-tmhk-hpm4 CVE-2023-5591 GHSA-mr6h-7x2m-rgmq
Affected version: <23.10.0
Reported by:
GitHub -
[HIGH] Cross site scripting in librenms
PKSA-39bn-qzf7-nrzs CVE-2023-5060 GHSA-2q8c-gqf4-mg3v
Affected version: <23.9.1
Reported by:
GitHub -
[MEDIUM] LibreNMS Cross-site Scripting vulnerability
PKSA-q4db-z2nw-5gfb CVE-2023-4982 GHSA-m6jj-fgmh-3p8r
Affected version: <23.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS Cross-site Scripting vulnerability
PKSA-5ktt-gqhn-r871 CVE-2023-4981 GHSA-5jjm-qp48-qp86
Affected version: <23.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS Cross-site Scripting vulnerability
PKSA-q5sk-6374-ytn9 CVE-2023-4980 GHSA-qxrq-376q-p39h
Affected version: <23.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS Cross-site Scripting vulnerability
PKSA-m977-sq8g-gk7b CVE-2023-4979 GHSA-jp3c-g46v-jg2c
Affected version: <23.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS Cross-site Scripting vulnerability
PKSA-jqxr-msnr-g9yn CVE-2023-4978 GHSA-qjpw-rg56-jh8v
Affected version: <23.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS Code Injection vulnerability
PKSA-3jtx-27br-hxkr CVE-2023-4977 GHSA-57m2-mpc7-gwgx
Affected version: <23.9.0
Reported by:
GitHub -
[HIGH] LibreNMS Cross-site Scripting vulnerability
PKSA-vtm2-sr26-cxxn CVE-2023-4347 GHSA-m6pf-cm3f-7876
Affected version: <=23.7.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in librenms/librenms
PKSA-3q9f-zws9-z6zg CVE-2022-3561 GHSA-264w-gw9g-fhgj
Affected version: <22.10.0
Reported by:
GitHub -
[HIGH] Deserialization of Untrusted Data in librenms/librenms
PKSA-x8rk-j1m6-2mnn CVE-2022-3525 GHSA-cv9g-h8mm-xx5h
Affected version: <22.10.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in librenms/librenms
PKSA-cmc4-585k-48f6 CVE-2022-3562 GHSA-5h77-4245-pg5p
Affected version: <22.10.0
Reported by:
GitHub -
[HIGH] Cross-site Scripting in librenms/librenms
PKSA-9dvd-d3qy-91k9 CVE-2022-4068 GHSA-f3hw-3h74-wr98
Affected version: <22.10.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in librenms/librenms
PKSA-6815-p4cm-y4zr CVE-2022-4067 GHSA-qch4-jmf8-xvp7
Affected version: <22.10.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in librenms/librenms
PKSA-p1zh-s5qy-vh14 CVE-2022-3516 GHSA-r4gq-hv2r-mrf5
Affected version: <22.10.0
Reported by:
GitHub -
[CRITICAL] Insufficient Session Expiration in librenms/librenms
PKSA-cc57-b9hw-7bnv CVE-2022-4070 GHSA-x93j-3hh3-6x23
Affected version: <22.10.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in librenms/librenms
PKSA-pprn-tnkh-98r8 CVE-2022-4069 GHSA-p55m-g4m3-qmrp
Affected version: <22.10.0
Reported by:
GitHub -
[MEDIUM] LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
PKSA-r9qb-jzwg-tghp CVE-2022-3231 GHSA-3jh2-wmv7-m932
Affected version: <=22.8.0
Reported by:
GitHub -
[MEDIUM] LibreNMS vulnerable to Cross-Site Scripting (XSS)
PKSA-gw2m-yhx9-19cr CVE-2022-36745 GHSA-5229-94p3-7wwq
Affected version: <22.7.0
Reported by:
GitHub -
[MEDIUM] LibreNMS vulnerable to Cross-Site Scripting (XSS)
PKSA-dxfz-p2qs-yvqh CVE-2022-36746 GHSA-325v-g5vx-whxc
Affected version: <22.7.0
Reported by:
GitHub -
[HIGH] Command injection in librenms
PKSA-67mt-hm2j-y21r CVE-2022-29712 GHSA-23f2-vgr6-fwv7
Affected version: <22.4.0
Reported by:
GitHub -
[MEDIUM] Cross site scripting in librenms
PKSA-j3gp-gk9d-13dm CVE-2022-29711 GHSA-2gqg-2rg7-gh33
Affected version: <22.4.0
Reported by:
GitHub -
[MEDIUM] LibreNMS SQL Injection vulnerability
PKSA-4v6t-w2rz-62v8 CVE-2020-15873 GHSA-g5r6-vrmx-9gwj
Affected version: <1.65.1
Reported by:
GitHub -
[CRITICAL] LibreNMS Information Disclosure
PKSA-hwhs-8kb8-sm14 CVE-2019-10665 GHSA-q5rg-wg7h-73m5
Affected version: <=1.47
Reported by:
GitHub -
[MEDIUM] LibreNMS XSS Vulnerability
PKSA-y8gr-jzck-9xrp CVE-2018-18478 GHSA-9m82-f3wx-p625
Affected version: <1.44
Reported by:
GitHub -
[HIGH] LibreNMS SQL Injection
PKSA-6h49-k2mc-sxbt CVE-2018-20678 GHSA-4fwh-r866-pvh9
Affected version: <=1.47
Reported by:
GitHub -
[MEDIUM] LibreNMS Arbitrary File Read
PKSA-6jtq-3877-1tyc CVE-2017-16759 GHSA-4ccx-wjqp-5fww
Affected version: <2017-08-18
Reported by:
GitHub -
[MEDIUM] Cross site scripting in LibreNMS
PKSA-q5zc-7jfz-4hb7 CVE-2022-0772 GHSA-vhm6-gw82-6f8j
Affected version: <22.2.2
Reported by:
GitHub -
[HIGH] Improper Access Control in librenms
PKSA-fjj3-tw17-f2mf CVE-2022-0580 GHSA-33wf-4crm-2322
Affected version: <22.2.0
Reported by:
GitHub -
[HIGH] Improper Authorization in librenms
PKSA-s2hp-ygdm-zbf8 CVE-2022-0587 GHSA-ppfm-rj6p-38q6
Affected version: <22.2.0
Reported by:
GitHub -
[MEDIUM] Exposure of Sensitive Information to an Unauthorized Actor in librenms
PKSA-v1yf-jwjx-pk3d CVE-2022-0588 GHSA-254q-rqmw-vx45
Affected version: <22.2.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in librenms
PKSA-h6p2-fqzw-6fdq CVE-2022-0589 GHSA-gj26-g5qf-jrh7
Affected version: <22.1.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in librenms
PKSA-c2m6-p8qm-bd27 CVE-2022-0576 GHSA-rp34-85x3-3764
Affected version: <22.1.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in librenms
PKSA-rdyc-mbmn-n16x CVE-2022-0575 GHSA-hxmr-5gv9-6p8v
Affected version: <22.2.0
Reported by:
GitHub -
[CRITICAL] Path traversal in librenms/librenms
PKSA-9jfg-zjps-wnnk CVE-2021-44278 GHSA-7289-chwj-7h86
Affected version: <=21.11.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in LibreNMS
PKSA-f2v1-53qb-7j32 CVE-2021-44279 GHSA-5vr6-hm68-5j9p
Affected version: <=21.11.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in LibreNMS
PKSA-3trg-1sdw-zpth CVE-2021-44277 GHSA-4gwh-2pqx-f5cc
Affected version: <=21.11.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in LibreNMS
PKSA-892m-zyc2-phw7 CVE-2021-43324 GHSA-46rx-6jg9-4fh8
Affected version: <=21.10.2
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in LibreNMS
PKSA-csnf-y3vb-126f CVE-2021-31274 GHSA-2r2w-jrh2-p4gr
Affected version: <21.3.0
Reported by:
GitHub -
[HIGH] Exposure of Resource to Wrong Sphere in LibreNMS
PKSA-qszk-mpgc-m26h CVE-2020-15877 GHSA-3c33-3465-fhx2
Affected version: <1.65.1
Reported by:
GitHub -
[HIGH] SQL Injection in librenms
PKSA-gp58-9bn9-hhyx CVE-2020-35700 GHSA-h59f-p56g-g75v
Affected version: <21.1.0
Reported by:
GitHub -
[HIGH] SQL Injection in LibreNMS
PKSA-85nr-m4xt-2j67 CVE-2019-10671 GHSA-g9xh-3w5g-229r
Affected version: <1.50.1
Reported by:
GitHub -
[HIGH] SQL Injection in LibreNMS
PKSA-ggh6-xhcr-8r3x CVE-2019-12465 GHSA-878x-85hc-gc4g
Affected version: <1.53
Reported by:
GitHub -
[HIGH] Path Traversal in LibreNMS
PKSA-8tdt-v3pg-4s7h CVE-2019-12464 GHSA-r336-jxfr-4c3c
Affected version: <1.53
Reported by:
GitHub -
[MEDIUM] Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
PKSA-8x8k-dqyb-s6rs CVE-2019-10667 GHSA-f4hh-xxqh-wgpq
Affected version: <1.50.1
Reported by:
GitHub -
[MEDIUM] Missing Authentication for Critical Function in LibreNMS
PKSA-y9xs-15m8-qfbc CVE-2019-10668 GHSA-277v-gwfr-hmpj
Affected version: <1.50.1
Reported by:
GitHub