Product
librenms
104 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-51092
CVE-2026-6204
CVE-2026-2728
CVE-2026-26992
CVE-2026-26991
CVE-2026-27016
CVE-2026-26990
CVE-2026-26989
CVE-2026-26988
CVE-2026-26987
CVE-2020-36947
CVE-2025-68614
CVE-2025-65093
CVE-2025-65014
CVE-2025-65013
CVE-2025-62412
CVE-2025-62411
CVE-2025-62365
CVE-2025-55296
CVE-2025-54138
CVE-2025-47931
CVE-2025-23201
CVE-2025-23200
CVE-2025-23199
CVE-2025-23198
CVE-2024-56144
CVE-2024-53457
CVE-2024-52526
CVE-2024-51497
CVE-2024-51496
CVE-2024-51495
CVE-2024-51494
CVE-2024-50355
CVE-2024-50352
CVE-2024-50351
CVE-2024-50350
CVE-2024-49764
CVE-2024-49759
CVE-2024-49758
CVE-2024-49754
CVE-2024-47528
CVE-2024-47527
CVE-2024-47526
CVE-2024-47525
CVE-2024-47524
CVE-2024-47523
CVE-2024-32480
CVE-2024-32479
CVE-2024-32461
CVE-2023-48294
CVE-2023-46745
CVE-2023-48295
CVE-2023-5591
CVE-2023-5060
CVE-2023-4982
CVE-2023-4981
CVE-2023-4980
CVE-2023-4979
CVE-2023-4978
CVE-2023-4977
CVE-2023-4347
CVE-2022-4070
CVE-2022-4069
CVE-2022-4068
CVE-2022-4067
CVE-2022-3562
CVE-2022-3561
CVE-2022-3525
CVE-2022-3516
CVE-2022-3231
CVE-2022-36746
CVE-2022-36745
CVE-2022-29712
CVE-2022-29711
CVE-2022-0772
CVE-2022-0589
CVE-2022-0588
CVE-2022-0587
CVE-2022-0580
CVE-2022-0576
CVE-2022-0575
CVE-2021-44278
CVE-2021-44279
CVE-2021-44277
CVE-2021-43324
CVE-2021-31274
CVE-2020-35700
CVE-2020-15877
CVE-2020-15873
CVE-2019-12465
CVE-2019-12464
CVE-2019-12463
CVE-2019-10671
CVE-2019-10670
CVE-2019-10669
CVE-2019-10668
CVE-2019-10667
CVE-2019-10666
CVE-2019-10665
CVE-2019-15230
CVE-2018-20434
CVE-2018-20678
CVE-2018-18478
CVE-2017-16759
< 24.10.0
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php'
< 26.3.0
LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locati
< 26.3.0
LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Succes
< 26.2.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is
< 26.2.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name
>= 24.10.0 and < 26.2.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to St
< 26.2.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind S
< 26.2.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored
< 26.2.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection
< 26.2.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflec
all versions
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attack
< 25.12.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vuln
< 25.11.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL
< 25.11.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vul
< 25.11.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scr
>= 25.8.0 and < 25.10.0
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not
< 25.10.0
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (
< 25.7.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_t
< 25.8.0
librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in
< 25.7.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardwar
< 25.5.0
LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scriptin
< 24.11.0
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS)
< 24.11.0
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the paramet
< 24.11.0
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the paramet
< 24.11.0
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the paramet
< 24.12.0
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the paramet
>= 24.9.0 and <= 24.10.0
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers
all versions
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability i
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a de
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability i
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the ap
< 24.10.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.9.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by u
< 24.9.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.9.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability i
< 24.9.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.9.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the a
< 24.9.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in t
< 24.4.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injecti
< 24.4.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitizatio
< 24.4.0
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=p
< 23.11.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardwar
< 23.11.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardwar
< 23.11.0
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardwar
<= 23.9.1
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
< 23.9.1
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
< 23.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
< 23.9.0
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
< 23.9.0
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
< 23.9.0
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
< 23.9.0
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
< 23.9.0
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.
< 23.8.0
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
< 22.10.0
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
< 22.10.0
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
< 22.10.0
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, th
< 22.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
< 22.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
< 22.10.0
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
< 22.10.0
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
< 22.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
< 22.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.
all versions
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php
all versions
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.
all versions
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_pa
all versions
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.p
< 22.2.2
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2.
< 22.1.0
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.
< 22.2.0
Missing Authorization in Packagist librenms/librenms prior to 22.2.0.
< 22.2.0
Improper Authorization in Packagist librenms/librenms prior to 22.2.0.
< 22.2.0
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.
< 22.2.0
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
< 22.2.0
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.
all versions
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.
all versions
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
all versions
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
<= 21.10.2
LibreNMS through 21.10.2 allows XSS via a widget title.
< 21.3.0
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $ap
< 21.1.0
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 2
< 1.65.1
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'adm
< 1.65.1
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter
< 1.53
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term pa
all versions
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php fi
>= 1.50.1 and < 1.53
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and incl
<= 1.47
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, result
<= 1.47
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering
<= 1.47
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collec
<= 1.47
An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an a
<= 1.47
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code ver
<= 1.47
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() functi
<= 1.47
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.ph
all versions
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Templat
all versions
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/ad
<= 1.47
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated user
< 1.44
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML
<= 1.30
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.ph