CVE Tools

koha

Enterprise SoftwareNZoss-project

12

Cumulative CVEs

5

Monthly snapshots

#100

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting koha.

CVE-2026-26379Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scannin...6.5Jun 3, 2026
CVE-2026-26378Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features5.4Jun 3, 2026
CVE-2026-31844Authenticated SQL Injection in Koha displayby parameter of suggestion.pl8.8Mar 11, 2026
CVE-2025-30076Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.7.7Mar 16, 2025
CVE-2025-22954GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.10.0Mar 12, 2025
CVE-2024-28740Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component.9.6Aug 6, 2024
CVE-2024-28739An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter.7.2Aug 6, 2024
CVE-2024-24337CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands...8.0Feb 12, 2024
CVE-2023-5025KOHA MARC search.pl cross site scripting3.5Sep 17, 2023
CVE-2014-1925SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3....9.8Jan 24, 2020
CVE-2014-1924The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentic...9.8Jan 24, 2020
CVE-2014-1922Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary f...7.5Jan 24, 2020
CVE-2014-1923Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and...7.5Jan 24, 2020
CVE-2015-4633Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL comm...9.8Oct 18, 2018
CVE-2015-4632Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via...7.5Oct 18, 2018