Librenms/librenms

This hub aggregates every CVE we track for Librenms/librenms, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Librenms/librenms.

• CVE-2024-51092LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's ...9.1May 8, 2026
• CVE-2026-26992LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name4.8Feb 20, 2026
• CVE-2026-26991LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name4.8Feb 20, 2026
• CVE-2026-27016LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()5.4Feb 20, 2026
• CVE-2026-26990LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php8.8Feb 20, 2026
• CVE-2026-26989LibreNMS has Stored XSS in Alert Rule4.3Feb 20, 2026
• CVE-2026-26988LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream9.1Feb 20, 2026
• CVE-2026-26987LibreNMS affected by reflected XSS via email field6.1Feb 20, 2026
• CVE-2020-36947LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection7.1Jan 27, 2026
• CVE-2025-68614LibreNMS Alert Rule API Cross-Site Scripting Vulnerability4.3Dec 22, 2025
• CVE-2025-65093LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint5.5Nov 18, 2025
• CVE-2025-65014LibreNMS has Weak Password Policy3.7Nov 18, 2025
• CVE-2025-65013LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`6.2Nov 18, 2025
• CVE-2025-62412LibreNMS alert-rules Cross-Site Scripting Vulnerability3.8Oct 16, 2025
• CVE-2025-62411Stored XSS in Alert Transport name field in LibreNMS5.5Oct 16, 2025