Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/432643?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/432643?format=api", "purl": "pkg:composer/librenms/librenms@1.38", "type": "composer", "namespace": "librenms", "name": "librenms", "version": "1.38", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "26.3.0", "latest_non_vulnerable_version": "201609", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102736?format=api", "vulnerability_id": "VCID-18g9-2u9c-nbez", "summary": "LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62411", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00723", "published_at": "2026-06-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00721", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62411" }, { "reference_url": "https://github.com/librenms/librenms/commit/e1ead366239b57e88f9a06d4f7c213b1e2530cd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/e1ead366239b57e88f9a06d4f7c213b1e2530cd8" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/25.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/releases/tag/25.10.0" }, { "reference_url": "https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450", "reference_id": "706a77085f4d5964f7de9444208ef707e1f79450", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:27:02Z/" } ], "url": "https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62411", "reference_id": "CVE-2025-62411", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62411" }, { "reference_url": "https://github.com/advisories/GHSA-frc6-pwgr-c28w", "reference_id": "GHSA-frc6-pwgr-c28w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frc6-pwgr-c28w" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w", "reference_id": "GHSA-frc6-pwgr-c28w", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:27:02Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34532?format=api", "purl": "pkg:composer/librenms/librenms@25.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.10.0" } ], "aliases": [ "CVE-2025-62411", "GHSA-frc6-pwgr-c28w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18g9-2u9c-nbez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208205?format=api", "vulnerability_id": "VCID-1bhu-qkzp-tqas", "summary": "Cross-site Scripting in librenms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.08004", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07968", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0589" }, { "reference_url": "https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa" }, { "reference_url": "https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768" }, { "reference_url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0589", "reference_id": "CVE-2022-0589", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0589" }, { "reference_url": "https://github.com/advisories/GHSA-gj26-g5qf-jrh7", "reference_id": "GHSA-gj26-g5qf-jrh7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj26-g5qf-jrh7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19367?format=api", "purl": "pkg:composer/librenms/librenms@22.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.1.0" } ], "aliases": [ "CVE-2022-0589", "GHSA-gj26-g5qf-jrh7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bhu-qkzp-tqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/323154?format=api", "vulnerability_id": "VCID-2dax-4ghn-mffp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13909", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.14025", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15877" }, { "reference_url": "https://community.librenms.org/c/announcements", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.librenms.org/c/announcements" }, { "reference_url": "https://github.com/librenms/librenms/commit/e5bb6d80bc308fc56b9a01ffb76c34159995353c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/e5bb6d80bc308fc56b9a01ffb76c34159995353c" }, { "reference_url": "https://github.com/librenms/librenms/compare/1.65...1.65.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/compare/1.65...1.65.1" }, { "reference_url": "https://github.com/librenms/librenms/pull/11915", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/11915" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/1.65.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/releases/tag/1.65.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15877", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15877" }, { "reference_url": "https://shielder.it/blog", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://shielder.it/blog" }, { "reference_url": "https://github.com/advisories/GHSA-3c33-3465-fhx2", "reference_id": "GHSA-3c33-3465-fhx2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3c33-3465-fhx2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382641?format=api", "purl": "pkg:composer/librenms/librenms@1.65.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.65.1" } ], "aliases": [ "CVE-2020-15877", "GHSA-3c33-3465-fhx2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dax-4ghn-mffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35115?format=api", "vulnerability_id": "VCID-2zej-x5n6-cqbf", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Port Settings\" page allows authenticated users to inject arbitrary JavaScript through the \"descr\" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the \"Port Settings\" page is visited, potentially compromising the user's session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75561", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.7549", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51494" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51494", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51494" }, { "reference_url": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0", "reference_id": "82a744bfe29017b8b58b5752ab9e1b335bedf0a0", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:02:34Z/" } ], "url": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0" }, { "reference_url": "https://github.com/advisories/GHSA-7663-37rg-c377", "reference_id": "GHSA-7663-37rg-c377", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7663-37rg-c377" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-7663-37rg-c377", "reference_id": "GHSA-7663-37rg-c377", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:02:34Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-7663-37rg-c377" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-51494", "GHSA-7663-37rg-c377" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2zej-x5n6-cqbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38416?format=api", "vulnerability_id": "VCID-3faw-j7vn-hfaz", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Capture Debug Information\" page allows authenticated users to inject arbitrary JavaScript through the \"hostname\" parameter when creating a new device. This vulnerability results in the execution of malicious code when the \"Capture Debug Information\" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00901", "scoring_system": "epss", "scoring_elements": "0.76202", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00901", "scoring_system": "epss", "scoring_elements": "0.76131", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49764" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49764", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49764" }, { "reference_url": "https://github.com/librenms/librenms/commit/af15eabbb1752985d36f337cecf137a947e170f6", "reference_id": "af15eabbb1752985d36f337cecf137a947e170f6", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:47:58Z/" } ], "url": "https://github.com/librenms/librenms/commit/af15eabbb1752985d36f337cecf137a947e170f6" }, { "reference_url": "https://github.com/advisories/GHSA-rmr4-x6c9-jc68", "reference_id": "GHSA-rmr4-x6c9-jc68", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rmr4-x6c9-jc68" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-rmr4-x6c9-jc68", "reference_id": "GHSA-rmr4-x6c9-jc68", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:47:58Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-rmr4-x6c9-jc68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-49764", "GHSA-rmr4-x6c9-jc68" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3faw-j7vn-hfaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/328030?format=api", "vulnerability_id": "VCID-3qv3-74t6-6fhs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35700", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26621", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26823", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35700" }, { "reference_url": "https://github.com/librenms/librenms/blob/master/app/Http/Controllers/Widgets/TopDevicesController.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/blob/master/app/Http/Controllers/Widgets/TopDevicesController.php" }, { "reference_url": "https://github.com/librenms/librenms/issues/12405", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/issues/12405" }, { "reference_url": "https://github.com/librenms/librenms/pull/12422", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/12422" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/21.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/releases/tag/21.1.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35700", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35700" }, { "reference_url": "https://www.horizon3.ai/disclosures/librenms-second-order-sqli", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.horizon3.ai/disclosures/librenms-second-order-sqli" }, { "reference_url": "https://github.com/advisories/GHSA-h59f-p56g-g75v", "reference_id": "GHSA-h59f-p56g-g75v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h59f-p56g-g75v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383688?format=api", "purl": "pkg:composer/librenms/librenms@21.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@21.1.0" } ], "aliases": [ "CVE-2020-35700", "GHSA-h59f-p56g-g75v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qv3-74t6-6fhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34923?format=api", "vulnerability_id": "VCID-4syp-nckb-9fbw", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \"overwrite_ip\" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00904", "scoring_system": "epss", "scoring_elements": "0.76245", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00904", "scoring_system": "epss", "scoring_elements": "0.76174", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51495" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51495", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51495" }, { "reference_url": "https://github.com/librenms/librenms/commit/4568188ce9097a2e3a3b563311077f2bb82455c0", "reference_id": "4568188ce9097a2e3a3b563311077f2bb82455c0", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:59:29Z/" } ], "url": "https://github.com/librenms/librenms/commit/4568188ce9097a2e3a3b563311077f2bb82455c0" }, { "reference_url": "https://github.com/advisories/GHSA-p66q-ppwr-q5j8", "reference_id": "GHSA-p66q-ppwr-q5j8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p66q-ppwr-q5j8" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-p66q-ppwr-q5j8", "reference_id": "GHSA-p66q-ppwr-q5j8", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:59:29Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-p66q-ppwr-q5j8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-51495", "GHSA-p66q-ppwr-q5j8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4syp-nckb-9fbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34979?format=api", "vulnerability_id": "VCID-5999-8pth-d7ba", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the \"metric\" parameter of the \"/wireless\" and \"/health\" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious \"metric\" parameter, potentially compromising their session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01137", "scoring_system": "epss", "scoring_elements": "0.78868", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01137", "scoring_system": "epss", "scoring_elements": "0.78802", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51496" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51496", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51496" }, { "reference_url": "https://github.com/librenms/librenms/commit/aef739a438ffb507e927a4ec87b359164a7a053a", "reference_id": "aef739a438ffb507e927a4ec87b359164a7a053a", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:18:15Z/" } ], "url": "https://github.com/librenms/librenms/commit/aef739a438ffb507e927a4ec87b359164a7a053a" }, { "reference_url": "https://github.com/advisories/GHSA-28p7-f6h6-3jh3", "reference_id": "GHSA-28p7-f6h6-3jh3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-28p7-f6h6-3jh3" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-28p7-f6h6-3jh3", "reference_id": "GHSA-28p7-f6h6-3jh3", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:18:15Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-28p7-f6h6-3jh3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-51496", "GHSA-28p7-f6h6-3jh3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5999-8pth-d7ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58020?format=api", "vulnerability_id": "VCID-5ehc-2e2v-wkgb", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Alert Rules\" feature allows authenticated users to inject arbitrary JavaScript through the \"Title\" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07363", "scoring_system": "epss", "scoring_elements": "0.91925", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07363", "scoring_system": "epss", "scoring_elements": "0.91898", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47525" }, { "reference_url": "https://github.com/librenms/librenms/commit/7620d220e48563938d869da7689b8ac3f7721490", "reference_id": "7620d220e48563938d869da7689b8ac3f7721490", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:00:57Z/" } ], "url": "https://github.com/librenms/librenms/commit/7620d220e48563938d869da7689b8ac3f7721490" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47525", "reference_id": "CVE-2024-47525", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47525" }, { "reference_url": "https://github.com/advisories/GHSA-j2j9-7pr6-xqwv", "reference_id": "GHSA-j2j9-7pr6-xqwv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j2j9-7pr6-xqwv" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-j2j9-7pr6-xqwv", "reference_id": "GHSA-j2j9-7pr6-xqwv", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:00:57Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-j2j9-7pr6-xqwv" }, { "reference_url": "https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/print-alert-rules.php#L405", "reference_id": "print-alert-rules.php#L405", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:00:57Z/" } ], "url": "https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/print-alert-rules.php#L405" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33584?format=api", "purl": "pkg:composer/librenms/librenms@24.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-zhac-9svg-4fb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0" } ], "aliases": [ "CVE-2024-47525", "GHSA-j2j9-7pr6-xqwv" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ehc-2e2v-wkgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204145?format=api", "vulnerability_id": "VCID-5qc1-g4x7-n3fp", "summary": "Missing Authentication for Critical Function in LibreNMS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10668", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00168", "published_at": "2026-06-12T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00169", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10668" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10668", "reference_id": "CVE-2019-10668", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10668" }, { "reference_url": "https://github.com/advisories/GHSA-277v-gwfr-hmpj", "reference_id": "GHSA-277v-gwfr-hmpj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-277v-gwfr-hmpj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15649?format=api", "purl": "pkg:composer/librenms/librenms@1.50.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kj8w-8fft-m3em" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-wtgu-cr2f-33cb" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y1p7-5z78-xkc2" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.50.1" } ], "aliases": [ "CVE-2019-10668", "GHSA-277v-gwfr-hmpj" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qc1-g4x7-n3fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/304574?format=api", "vulnerability_id": "VCID-61va-qddt-rbf2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01325", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01322", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20678" }, { "reference_url": "https://cert.enea.pl/advisories/cert-190101.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert.enea.pl/advisories/cert-190101.html" }, { "reference_url": "https://github.com/librenms/librenms/commit/32f72bc1ab7e980e4070e826a89d0d36a5ba62dd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/32f72bc1ab7e980e4070e826a89d0d36a5ba62dd" }, { "reference_url": "https://github.com/librenms/librenms/pull/11920", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/11920" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20678", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20678" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/391067?format=api", "purl": "pkg:composer/librenms/librenms@1.48.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.48.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/437965?format=api", "purl": "pkg:composer/librenms/librenms@1.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-5qc1-g4x7-n3fp" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kj8w-8fft-m3em" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-qc4w-r2jh-a7hx" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-sp7z-xykf-e7ce" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y1p7-5z78-xkc2" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/386348?format=api", "purl": "pkg:composer/librenms/librenms@1.65.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.65.0" } ], "aliases": [ "CVE-2018-20678", "GHSA-4fwh-r866-pvh9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61va-qddt-rbf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174597?format=api", "vulnerability_id": "VCID-656h-mks2-6yaw", "summary": "Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3525", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00302", "published_at": "2026-06-12T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00303", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3525" }, { "reference_url": "https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948", "reference_id": "ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-24T20:14:43Z/" } ], "url": "https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3525", "reference_id": "CVE-2022-3525", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3525" }, { "reference_url": "https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330", "reference_id": "ed048e8d-87af-440a-a91f-be1e65a40330", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-24T20:14:43Z/" } ], "url": "https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330" }, { "reference_url": "https://github.com/advisories/GHSA-cv9g-h8mm-xx5h", "reference_id": "GHSA-cv9g-h8mm-xx5h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cv9g-h8mm-xx5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27935?format=api", "purl": "pkg:composer/librenms/librenms@22.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0" } ], "aliases": [ "CVE-2022-3525", "GHSA-cv9g-h8mm-xx5h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-656h-mks2-6yaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139958?format=api", "vulnerability_id": "VCID-8333-p936-4yen", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4978", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00311", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00312", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4978" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4978", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4978" }, { "reference_url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4", "reference_id": "cefd9295-2053-4e6e-a130-7e1f845728f4", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:29:04Z/" } ], "url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4" }, { "reference_url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7", "reference_id": "e4c46a45364cb944b94abf9b83f0558b2c4c2fb7", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:29:04Z/" } ], "url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7" }, { "reference_url": "https://github.com/advisories/GHSA-qjpw-rg56-jh8v", "reference_id": "GHSA-qjpw-rg56-jh8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjpw-rg56-jh8v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379627?format=api", "purl": "pkg:composer/librenms/librenms@23.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-4978", "GHSA-qjpw-rg56-jh8v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8333-p936-4yen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208206?format=api", "vulnerability_id": "VCID-8xsz-9mtq-w7ct", "summary": "Missing Authorization in librenms/librenms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0588", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00043", "published_at": "2026-06-12T12:55:00Z" }, { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00042", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0588" }, { "reference_url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7" }, { "reference_url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d" }, { "reference_url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0588", "reference_id": "CVE-2022-0588", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0588" }, { "reference_url": "https://github.com/advisories/GHSA-254q-rqmw-vx45", "reference_id": "GHSA-254q-rqmw-vx45", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-254q-rqmw-vx45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19365?format=api", "purl": "pkg:composer/librenms/librenms@22.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2022-0588", "GHSA-254q-rqmw-vx45" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xsz-9mtq-w7ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133650?format=api", "vulnerability_id": "VCID-8ytn-qf7f-yfbf", "summary": "SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5591", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31533", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31341", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5591" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5591", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5591" }, { "reference_url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090", "reference_id": "54813d42-5b93-440e-b9b1-c179d2cbf090", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:15:06Z/" } ], "url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090" }, { "reference_url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e", "reference_id": "908aef65967ce6184bdc587fd105660d5d55129e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:15:06Z/" } ], "url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e" }, { "reference_url": "https://github.com/advisories/GHSA-mr6h-7x2m-rgmq", "reference_id": "GHSA-mr6h-7x2m-rgmq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mr6h-7x2m-rgmq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379107?format=api", "purl": "pkg:composer/librenms/librenms@23.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-5591", "GHSA-mr6h-7x2m-rgmq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ytn-qf7f-yfbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168777?format=api", "vulnerability_id": "VCID-91gw-qj5p-y3ed", "summary": "A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.50253", "scoring_system": "epss", "scoring_elements": "0.97903", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.50253", "scoring_system": "epss", "scoring_elements": "0.97894", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4068" }, { "reference_url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1", "reference_id": "09a2977adb8bc4b1db116c725d661160c930d3a1", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T18:58:11Z/" } ], "url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1" }, { "reference_url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc", "reference_id": "becfecc4-22a6-4f94-bf83-d6030b625fdc", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T18:58:11Z/" } ], "url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4068", "reference_id": "CVE-2022-4068", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4068" }, { "reference_url": "https://github.com/advisories/GHSA-f3hw-3h74-wr98", "reference_id": "GHSA-f3hw-3h74-wr98", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f3hw-3h74-wr98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27935?format=api", "purl": "pkg:composer/librenms/librenms@22.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0" } ], "aliases": [ "CVE-2022-4068", "GHSA-f3hw-3h74-wr98" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91gw-qj5p-y3ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/339362?format=api", "vulnerability_id": "VCID-92gm-nsf8-d7dt", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12611", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12702", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31274" }, { "reference_url": "https://community.librenms.org/t/vulnerability-report-cross-site-scripting-xss-in-the-api-access-page/15431", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.librenms.org/t/vulnerability-report-cross-site-scripting-xss-in-the-api-access-page/15431" }, { "reference_url": "https://github.com/librenms/librenms/pull/12739", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/12739" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31274", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31274" }, { "reference_url": "https://github.com/advisories/GHSA-2r2w-jrh2-p4gr", "reference_id": "GHSA-2r2w-jrh2-p4gr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2r2w-jrh2-p4gr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382488?format=api", "purl": "pkg:composer/librenms/librenms@21.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@21.3.0" } ], "aliases": [ "CVE-2021-31274", "GHSA-2r2w-jrh2-p4gr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92gm-nsf8-d7dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208303?format=api", "vulnerability_id": "VCID-98wd-pvht-nqfu", "summary": "Cross site scripting in LibreNMS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03933", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03913", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0772" }, { "reference_url": "https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281" }, { "reference_url": "https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0772", "reference_id": "CVE-2022-0772", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0772" }, { "reference_url": "https://github.com/advisories/GHSA-vhm6-gw82-6f8j", "reference_id": "GHSA-vhm6-gw82-6f8j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vhm6-gw82-6f8j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19526?format=api", "purl": "pkg:composer/librenms/librenms@22.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2022-0772", "GHSA-vhm6-gw82-6f8j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98wd-pvht-nqfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168813?format=api", "vulnerability_id": "VCID-9zy9-ue2n-87b4", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.63094", "scoring_system": "epss", "scoring_elements": "0.98427", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.63094", "scoring_system": "epss", "scoring_elements": "0.98421", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4069" }, { "reference_url": "https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7", "reference_id": "8383376f1355812e09ec0c2af67f6d46891b7ba7", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T20:10:44Z/" } ], "url": "https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7" }, { "reference_url": "https://huntr.dev/bounties/a9925d98-dac4-4c3c-835a-d93aeecfb2c5", "reference_id": "a9925d98-dac4-4c3c-835a-d93aeecfb2c5", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T20:10:44Z/" } ], "url": "https://huntr.dev/bounties/a9925d98-dac4-4c3c-835a-d93aeecfb2c5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4069", "reference_id": "CVE-2022-4069", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4069" }, { "reference_url": "https://github.com/advisories/GHSA-p55m-g4m3-qmrp", "reference_id": "GHSA-p55m-g4m3-qmrp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p55m-g4m3-qmrp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27935?format=api", "purl": "pkg:composer/librenms/librenms@22.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0" } ], "aliases": [ "CVE-2022-4069", "GHSA-p55m-g4m3-qmrp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zy9-ue2n-87b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91045?format=api", "vulnerability_id": "VCID-ae82-tsr6-c3cw", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65013", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00031", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65013" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65013", "reference_id": "CVE-2025-65013", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65013" }, { "reference_url": "https://github.com/advisories/GHSA-j8cq-7f6p-256x", "reference_id": "GHSA-j8cq-7f6p-256x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j8cq-7f6p-256x" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x", "reference_id": "GHSA-j8cq-7f6p-256x", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:46:48Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35293?format=api", "purl": "pkg:composer/librenms/librenms@25.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.11.0" } ], "aliases": [ "CVE-2025-65013", "GHSA-j8cq-7f6p-256x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ae82-tsr6-c3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210718?format=api", "vulnerability_id": "VCID-bgm3-4nkb-c3bs", "summary": "Command injection in librenms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05908", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05883", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29712" }, { "reference_url": "https://github.com/librenms/librenms/commit/8b82341cb742e7bd4966964b399012f7ba017e0b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/8b82341cb742e7bd4966964b399012f7ba017e0b" }, { "reference_url": "https://github.com/librenms/librenms/pull/13932", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/13932" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29712", "reference_id": "CVE-2022-29712", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29712" }, { "reference_url": "https://github.com/advisories/GHSA-23f2-vgr6-fwv7", "reference_id": "GHSA-23f2-vgr6-fwv7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-23f2-vgr6-fwv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24423?format=api", "purl": "pkg:composer/librenms/librenms@22.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.4.0" } ], "aliases": [ "CVE-2022-29712", "GHSA-23f2-vgr6-fwv7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgm3-4nkb-c3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56944?format=api", "vulnerability_id": "VCID-byb9-nnem-5bdu", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input in the device Display Name, if java script code is inside the name of the device Display Name, its can be trigger from different sources. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24893", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24695", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50355" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50355", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50355" }, { "reference_url": "https://github.com/librenms/librenms/commit/bb4731419b592867bf974dde525e536606a52976", "reference_id": "bb4731419b592867bf974dde525e536606a52976", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:05:39Z/" } ], "url": "https://github.com/librenms/librenms/commit/bb4731419b592867bf974dde525e536606a52976" }, { "reference_url": "https://github.com/advisories/GHSA-4m5r-w2rq-q54q", "reference_id": "GHSA-4m5r-w2rq-q54q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4m5r-w2rq-q54q" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-4m5r-w2rq-q54q", "reference_id": "GHSA-4m5r-w2rq-q54q", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:05:39Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-4m5r-w2rq-q54q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-50355", "GHSA-4m5r-w2rq-q54q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-byb9-nnem-5bdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35541?format=api", "vulnerability_id": "VCID-c5qg-fsdx-w7eg", "summary": "LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.44112", "scoring_system": "epss", "scoring_elements": "0.97634", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.44112", "scoring_system": "epss", "scoring_elements": "0.97626", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51092" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51092", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51092" }, { "reference_url": "https://github.com/advisories/GHSA-x645-6pf9-xwxw", "reference_id": "GHSA-x645-6pf9-xwxw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x645-6pf9-xwxw" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-x645-6pf9-xwxw", "reference_id": "GHSA-x645-6pf9-xwxw", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:10:38Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-x645-6pf9-xwxw" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb", "reference_id": "librenms_authenticated_rce_cve_2024_51092.rb", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:10:38Z/" } ], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-51092", "GHSA-x645-6pf9-xwxw" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5qg-fsdx-w7eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70900?format=api", "vulnerability_id": "VCID-cc1u-4ca7-v7he", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is sent to the Request-URI \"/device-groups\". The name of the newly created device group is stored in the value of the name parameter. After the device group is created, the entry is displayed along with relevant buttons such as Rediscover Devices, Edit, and Delete. This issue has been fixed in version 26.2.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26991", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00193", "published_at": "2026-06-12T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00194", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26991" }, { "reference_url": "https://github.com/librenms/librenms/pull/19041", "reference_id": "19041", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T16:32:06Z/" } ], "url": "https://github.com/librenms/librenms/pull/19041" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/26.2.0", "reference_id": "26.2.0", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T16:32:06Z/" } ], "url": "https://github.com/librenms/librenms/releases/tag/26.2.0" }, { "reference_url": "https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c", "reference_id": "64b31da444369213eb4559ec1c304ebfaa0ba12c", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T16:32:06Z/" } ], "url": "https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26991", "reference_id": "CVE-2026-26991", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26991" }, { "reference_url": "https://github.com/advisories/GHSA-5pqf-54qp-32wx", "reference_id": "GHSA-5pqf-54qp-32wx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pqf-54qp-32wx" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx", "reference_id": "GHSA-5pqf-54qp-32wx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T16:32:06Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39372?format=api", "purl": "pkg:composer/librenms/librenms@26.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-mb8k-971z-myd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0" } ], "aliases": [ "CVE-2026-26991", "GHSA-5pqf-54qp-32wx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cc1u-4ca7-v7he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/309659?format=api", "vulnerability_id": "VCID-cewc-v19g-yqf6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10665", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00232", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10665" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10665", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10665" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-023", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-023" }, { "reference_url": "https://github.com/advisories/GHSA-q5rg-wg7h-73m5", "reference_id": "GHSA-q5rg-wg7h-73m5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q5rg-wg7h-73m5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/437965?format=api", "purl": "pkg:composer/librenms/librenms@1.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-5qc1-g4x7-n3fp" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kj8w-8fft-m3em" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-qc4w-r2jh-a7hx" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-sp7z-xykf-e7ce" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y1p7-5z78-xkc2" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.48" } ], "aliases": [ "CVE-2019-10665", "GHSA-q5rg-wg7h-73m5" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cewc-v19g-yqf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70911?format=api", "vulnerability_id": "VCID-cmqg-e3da-r7cf", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26987", "reference_id": "", "reference_type": "", "scores": [ { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "6e-05", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26987" }, { "reference_url": "https://github.com/librenms/librenms/pull/19038", "reference_id": "19038", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:42Z/" } ], "url": "https://github.com/librenms/librenms/pull/19038" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/26.2.0", "reference_id": "26.2.0", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:42Z/" } ], "url": "https://github.com/librenms/librenms/releases/tag/26.2.0" }, { "reference_url": "https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b", "reference_id": "8e626b38ef92e240532cdac2ac7e38706a71208b", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:42Z/" } ], "url": "https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26987", "reference_id": "CVE-2026-26987", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26987" }, { "reference_url": "https://github.com/advisories/GHSA-gqx7-99jw-6fpr", "reference_id": "GHSA-gqx7-99jw-6fpr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gqx7-99jw-6fpr" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr", "reference_id": "GHSA-gqx7-99jw-6fpr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:42Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39372?format=api", "purl": "pkg:composer/librenms/librenms@26.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-mb8k-971z-myd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0" } ], "aliases": [ "CVE-2026-26987", "GHSA-gqx7-99jw-6fpr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmqg-e3da-r7cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/121735?format=api", "vulnerability_id": "VCID-cntm-etf9-kkbv", "summary": "librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0455", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04557", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55296" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55296", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55296" }, { "reference_url": "https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958", "reference_id": "8ade3d827d317f5ac4b336617aafff865f825958", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T17:37:45Z/" } ], "url": "https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958" }, { "reference_url": "https://github.com/advisories/GHSA-vxq6-8cwm-wj99", "reference_id": "GHSA-vxq6-8cwm-wj99", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vxq6-8cwm-wj99" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99", "reference_id": "GHSA-vxq6-8cwm-wj99", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T17:37:45Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34555?format=api", "purl": "pkg:composer/librenms/librenms@25.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2025-55296", "GHSA-vxq6-8cwm-wj99" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cntm-etf9-kkbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53120?format=api", "vulnerability_id": "VCID-dgdu-jnbz-2qbe", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67401", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.6731", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32479" }, { "reference_url": "https://github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b", "reference_id": "19344f0584d4d6d4526fdf331adc60530e3f685b", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T00:22:50Z/" } ], "url": "https://github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32479", "reference_id": "CVE-2024-32479", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32479" }, { "reference_url": "https://github.com/advisories/GHSA-72m9-7c8x-pmmw", "reference_id": "GHSA-72m9-7c8x-pmmw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72m9-7c8x-pmmw" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw", "reference_id": "GHSA-72m9-7c8x-pmmw", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T00:22:50Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw" }, { "reference_url": "https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23", "reference_id": "ServiceTemplateController.php#L67C23-L67C23", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T00:22:50Z/" } ], "url": "https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30707?format=api", "purl": "pkg:composer/librenms/librenms@24.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.4.0" } ], "aliases": [ "CVE-2024-32479", "GHSA-72m9-7c8x-pmmw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgdu-jnbz-2qbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132605?format=api", "vulnerability_id": "VCID-dku9-fked-fueu", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46745", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00776", "published_at": "2026-06-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00778", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46745" }, { "reference_url": "https://github.com/librenms/librenms/commit/7c006e96251ae1d32e1a015b361a7bfbb815c028", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/7c006e96251ae1d32e1a015b361a7bfbb815c028" }, { "reference_url": "https://github.com/librenms/librenms/pull/15558", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/15558" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/23.11.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/releases/tag/23.11.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46745", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46745" }, { "reference_url": "https://github.com/advisories/GHSA-rq42-58qf-v3qx", "reference_id": "GHSA-rq42-58qf-v3qx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rq42-58qf-v3qx" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx", "reference_id": "GHSA-rq42-58qf-v3qx", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:08:45Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381058?format=api", "purl": "pkg:composer/librenms/librenms@23.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-46745", "GHSA-rq42-58qf-v3qx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dku9-fked-fueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38490?format=api", "vulnerability_id": "VCID-dmsz-ct8c-zuf9", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22561", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22367", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49758" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49758", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49758" }, { "reference_url": "https://github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8", "reference_id": "24b142d753898e273ec20b542a27dd6eb530c7d8", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:51:55Z/" } ], "url": "https://github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8" }, { "reference_url": "https://github.com/advisories/GHSA-c86q-rj37-8f85", "reference_id": "GHSA-c86q-rj37-8f85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c86q-rj37-8f85" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85", "reference_id": "GHSA-c86q-rj37-8f85", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:51:55Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-49758", "GHSA-c86q-rj37-8f85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsz-ct8c-zuf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140066?format=api", "vulnerability_id": "VCID-ek4h-m8w9-t7bp", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16148", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.16005", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4981" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4981", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4981" }, { "reference_url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7", "reference_id": "03c4da62c8acde0a82acbb4a445ae866ebfdd3f7", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:46Z/" } ], "url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7" }, { "reference_url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609", "reference_id": "1f014494-49a9-4bf0-8d43-a675498b9609", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:46Z/" } ], "url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609" }, { "reference_url": "https://github.com/advisories/GHSA-5jjm-qp48-qp86", "reference_id": "GHSA-5jjm-qp48-qp86", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5jjm-qp48-qp86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379627?format=api", "purl": "pkg:composer/librenms/librenms@23.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-4981", "GHSA-5jjm-qp48-qp86" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek4h-m8w9-t7bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56675?format=api", "vulnerability_id": "VCID-eq4t-1cwx-zfh5", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the \"section\" parameter of the \"logs\" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious \"section\" parameter, potentially compromising their session and enabling unauthorized actions. The issue arises from a lack of sanitization in the \"report_this()\" function. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01067", "scoring_system": "epss", "scoring_elements": "0.78183", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01067", "scoring_system": "epss", "scoring_elements": "0.78116", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50351" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50351", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50351" }, { "reference_url": "https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf", "reference_id": "6a14a9bd767c6e452e4df77a24126c3eeb93dcbf", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:19:51Z/" } ], "url": "https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf" }, { "reference_url": "https://github.com/advisories/GHSA-v7w9-63xh-6r3w", "reference_id": "GHSA-v7w9-63xh-6r3w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v7w9-63xh-6r3w" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w", "reference_id": "GHSA-v7w9-63xh-6r3w", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:19:51Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-50351", "GHSA-v7w9-63xh-6r3w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eq4t-1cwx-zfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38540?format=api", "vulnerability_id": "VCID-eyv3-xp88-t7en", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the \"token\" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11981", "scoring_system": "epss", "scoring_elements": "0.9393", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.11981", "scoring_system": "epss", "scoring_elements": "0.9395", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49754", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49754" }, { "reference_url": "https://github.com/librenms/librenms/commit/25988a937cbaebd2ba4c0517510206c404dfb359", "reference_id": "25988a937cbaebd2ba4c0517510206c404dfb359", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:53:36Z/" } ], "url": "https://github.com/librenms/librenms/commit/25988a937cbaebd2ba4c0517510206c404dfb359" }, { "reference_url": "https://github.com/advisories/GHSA-gfwr-xqmj-j27v", "reference_id": "GHSA-gfwr-xqmj-j27v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gfwr-xqmj-j27v" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-gfwr-xqmj-j27v", "reference_id": "GHSA-gfwr-xqmj-j27v", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:53:36Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-gfwr-xqmj-j27v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-49754", "GHSA-gfwr-xqmj-j27v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eyv3-xp88-t7en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93084?format=api", "vulnerability_id": "VCID-g8zs-nkxb-hyc4", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68614", "reference_id": "", "reference_type": "", "scores": [ { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "0.00012", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68614" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68614", "reference_id": "CVE-2025-68614", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68614" }, { "reference_url": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1", "reference_id": "ebe6c79bf4ce0afeb575c1285afe3934e44001f1", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T23:55:04Z/" } ], "url": "https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1" }, { "reference_url": "https://github.com/advisories/GHSA-c89f-8g7g-59wj", "reference_id": "GHSA-c89f-8g7g-59wj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c89f-8g7g-59wj" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj", "reference_id": "GHSA-c89f-8g7g-59wj", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T23:55:04Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36351?format=api", "purl": "pkg:composer/librenms/librenms@25.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-wjhn-5pcd-77cv" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.12.0" } ], "aliases": [ "CVE-2025-68614", "GHSA-c89f-8g7g-59wj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8zs-nkxb-hyc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57802?format=api", "vulnerability_id": "VCID-gnfs-vu51-cbda", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the \"Alert Templates\" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34412", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34234", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47526" }, { "reference_url": "https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/modal/alert_template.inc.php#L205", "reference_id": "alert_template.inc.php#L205", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:02:06Z/" } ], "url": "https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/modal/alert_template.inc.php#L205" }, { "reference_url": "https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/forms/alert-templates.inc.php#L40", "reference_id": "alert-templates.inc.php#L40", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:02:06Z/" } ], "url": "https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/forms/alert-templates.inc.php#L40" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47526", "reference_id": "CVE-2024-47526", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47526" }, { "reference_url": "https://github.com/librenms/librenms/commit/f259edc19b9f0ccca484c60b1ba70a0bfff97ef5", "reference_id": "f259edc19b9f0ccca484c60b1ba70a0bfff97ef5", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:02:06Z/" } ], "url": "https://github.com/librenms/librenms/commit/f259edc19b9f0ccca484c60b1ba70a0bfff97ef5" }, { "reference_url": "https://github.com/advisories/GHSA-gcgp-q2jq-fw52", "reference_id": "GHSA-gcgp-q2jq-fw52", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcgp-q2jq-fw52" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-gcgp-q2jq-fw52", "reference_id": "GHSA-gcgp-q2jq-fw52", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:02:06Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-gcgp-q2jq-fw52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33584?format=api", "purl": "pkg:composer/librenms/librenms@24.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-zhac-9svg-4fb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0" } ], "aliases": [ "CVE-2024-47526", "GHSA-gcgp-q2jq-fw52" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnfs-vu51-cbda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58037?format=api", "vulnerability_id": "VCID-gppp-bfnm-7ba6", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Alert Transports\" feature allows authenticated users to inject arbitrary JavaScript through the \"Details\" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59989", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59881", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47523" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47523", "reference_id": "CVE-2024-47523", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47523" }, { "reference_url": "https://github.com/librenms/librenms/commit/ee1afba003d33667981e098c83295f599d88439c", "reference_id": "ee1afba003d33667981e098c83295f599d88439c", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T12:57:21Z/" } ], "url": "https://github.com/librenms/librenms/commit/ee1afba003d33667981e098c83295f599d88439c" }, { "reference_url": "https://github.com/advisories/GHSA-7f84-28qh-9486", "reference_id": "GHSA-7f84-28qh-9486", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7f84-28qh-9486" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-7f84-28qh-9486", "reference_id": "GHSA-7f84-28qh-9486", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T12:57:21Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-7f84-28qh-9486" }, { "reference_url": "https://github.com/librenms/librenms/blob/4777247327c793ed0a3306d0464b95176008177b/includes/html/print-alert-transports.php#L40", "reference_id": "print-alert-transports.php#L40", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T12:57:21Z/" } ], "url": "https://github.com/librenms/librenms/blob/4777247327c793ed0a3306d0464b95176008177b/includes/html/print-alert-transports.php#L40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33584?format=api", "purl": "pkg:composer/librenms/librenms@24.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-zhac-9svg-4fb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0" } ], "aliases": [ "CVE-2024-47523", "GHSA-7f84-28qh-9486" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gppp-bfnm-7ba6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133316?format=api", "vulnerability_id": "VCID-gzvy-qsmz-a7ca", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5060", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00175", "published_at": "2026-06-12T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00176", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5060" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5060", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5060" }, { "reference_url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3", "reference_id": "01b0917d-f92f-4903-9eca-bcfc46e847e3", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T14:21:40Z/" } ], "url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3" }, { "reference_url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72", "reference_id": "8fd8d9b06a11060de5dc69588a1a83594a7e6f72", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T14:21:40Z/" } ], "url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72" }, { "reference_url": "https://github.com/advisories/GHSA-2q8c-gqf4-mg3v", "reference_id": "GHSA-2q8c-gqf4-mg3v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2q8c-gqf4-mg3v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379821?format=api", "purl": "pkg:composer/librenms/librenms@23.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-5060", "GHSA-2q8c-gqf4-mg3v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzvy-qsmz-a7ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174980?format=api", "vulnerability_id": "VCID-hhhz-1bd6-3bfy", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3516", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.006", "published_at": "2026-06-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00602", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3516" }, { "reference_url": "https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748", "reference_id": "734bb5eb-715c-4b64-bd33-280300a63748", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:37:55Z/" } ], "url": "https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748" }, { "reference_url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c", "reference_id": "8e85698aa3aa4884c2f3d6c987542477eb64f07c", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:37:55Z/" } ], "url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3516", "reference_id": "CVE-2022-3516", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3516" }, { "reference_url": "https://github.com/advisories/GHSA-r4gq-hv2r-mrf5", "reference_id": "GHSA-r4gq-hv2r-mrf5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r4gq-hv2r-mrf5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27935?format=api", "purl": "pkg:composer/librenms/librenms@22.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0" } ], "aliases": [ "CVE-2022-3516", "GHSA-r4gq-hv2r-mrf5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhhz-1bd6-3bfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/323153?format=api", "vulnerability_id": "VCID-j176-ekvg-3ufv", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01965", "scoring_system": "epss", "scoring_elements": "0.83906", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01965", "scoring_system": "epss", "scoring_elements": "0.83962", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15873" }, { "reference_url": "https://community.librenms.org/c/announcements", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.librenms.org/c/announcements" }, { "reference_url": "https://github.com/librenms/librenms/commit/8f3a29cde5bbd8608f9b42923a7d7e2598bcac4e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/8f3a29cde5bbd8608f9b42923a7d7e2598bcac4e" }, { "reference_url": "https://github.com/librenms/librenms/compare/1.65...1.65.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/compare/1.65...1.65.1" }, { "reference_url": "https://github.com/librenms/librenms/pull/11923", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/11923" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15873", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15873" }, { "reference_url": "https://research.loginsoft.com/bugs/blind-sql-injection-in-librenms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.loginsoft.com/bugs/blind-sql-injection-in-librenms" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382641?format=api", "purl": "pkg:composer/librenms/librenms@1.65.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.65.1" } ], "aliases": [ "CVE-2020-15873", "GHSA-g5r6-vrmx-9gwj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j176-ekvg-3ufv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/344681?format=api", "vulnerability_id": "VCID-ja3k-pqg6-cuct", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43324", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.0011", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43324" }, { "reference_url": "https://github.com/librenms/librenms/commit/99d2462b80435b91a35236639b909eebee432126", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/99d2462b80435b91a35236639b909eebee432126" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43324", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43324" }, { "reference_url": "https://github.com/advisories/GHSA-46rx-6jg9-4fh8", "reference_id": "GHSA-46rx-6jg9-4fh8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46rx-6jg9-4fh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18180?format=api", "purl": "pkg:composer/librenms/librenms@21.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-n9g7-5ahp-9qh6" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-t5mg-4z98-57au" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-vrsm-hwju-hbhk" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@21.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2021-43324", "GHSA-46rx-6jg9-4fh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ja3k-pqg6-cuct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70766?format=api", "vulnerability_id": "VCID-js2a-whr7-dufs", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser context of any user who accesses the Alert Rules page. This issue has been fixed in version 26.2.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26989", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00136", "published_at": "2026-06-12T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00137", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26989" }, { "reference_url": "https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58", "reference_id": "087608cf9f851189847cb8e8e5ad002e59170c58", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:26:36Z/" } ], "url": "https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58" }, { "reference_url": "https://github.com/librenms/librenms/pull/19039", "reference_id": "19039", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:26:36Z/" } ], "url": "https://github.com/librenms/librenms/pull/19039" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/26.2.0", "reference_id": "26.2.0", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:26:36Z/" } ], "url": "https://github.com/librenms/librenms/releases/tag/26.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26989", "reference_id": "CVE-2026-26989", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26989" }, { "reference_url": "https://github.com/advisories/GHSA-6xmx-xr9p-58p7", "reference_id": "GHSA-6xmx-xr9p-58p7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xmx-xr9p-58p7" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7", "reference_id": "GHSA-6xmx-xr9p-58p7", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:26:36Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39372?format=api", "purl": "pkg:composer/librenms/librenms@26.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-mb8k-971z-myd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0" } ], "aliases": [ "CVE-2026-26989", "GHSA-6xmx-xr9p-58p7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-js2a-whr7-dufs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208154?format=api", "vulnerability_id": "VCID-k3tp-p2ay-5bf3", "summary": "Cross-site Scripting in librenms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.08004", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07968", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0575" }, { "reference_url": "https://github.com/librenms/librenms/commit/4f86915866703e2fcd1e34b3fc1181ec2ad78e54", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/4f86915866703e2fcd1e34b3fc1181ec2ad78e54" }, { "reference_url": "https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d" }, { "reference_url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0575", "reference_id": "CVE-2022-0575", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0575" }, { "reference_url": "https://github.com/advisories/GHSA-hxmr-5gv9-6p8v", "reference_id": "GHSA-hxmr-5gv9-6p8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hxmr-5gv9-6p8v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19365?format=api", "purl": "pkg:composer/librenms/librenms@22.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2022-0575", "GHSA-hxmr-5gv9-6p8v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3tp-p2ay-5bf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102213?format=api", "vulnerability_id": "VCID-k3xn-xjwb-a3en", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (`htmlentities` function was incorrectly use in a href environment), which caused the `project_issues` parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62365", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00049", "published_at": "2026-06-12T12:55:00Z" }, { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00048", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62365" }, { "reference_url": "https://github.com/librenms/librenms/commit/30d3dd7e5f5e22a8c23c9db3ad90a731c005b008", "reference_id": "30d3dd7e5f5e22a8c23c9db3ad90a731c005b008", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:16:34Z/" } ], "url": "https://github.com/librenms/librenms/commit/30d3dd7e5f5e22a8c23c9db3ad90a731c005b008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62365", "reference_id": "CVE-2025-62365", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62365" }, { "reference_url": "https://github.com/advisories/GHSA-86rg-8hc8-v82p", "reference_id": "GHSA-86rg-8hc8-v82p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86rg-8hc8-v82p" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-86rg-8hc8-v82p", "reference_id": "GHSA-86rg-8hc8-v82p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:16:34Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-86rg-8hc8-v82p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34210?format=api", "purl": "pkg:composer/librenms/librenms@25.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.7.0" } ], "aliases": [ "CVE-2025-62365", "GHSA-86rg-8hc8-v82p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3xn-xjwb-a3en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70883?format=api", "vulnerability_id": "VCID-k5z7-q82d-tue6", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26988", "reference_id": "", "reference_type": "", "scores": [ { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "4e-05", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26988" }, { "reference_url": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1", "reference_id": "15429580baba03ed1dd377bada1bde4b7a1175a1", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:39Z/" } ], "url": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1" }, { "reference_url": "https://github.com/librenms/librenms/pull/18777", "reference_id": "18777", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:39Z/" } ], "url": "https://github.com/librenms/librenms/pull/18777" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26988", "reference_id": "CVE-2026-26988", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26988" }, { "reference_url": "https://github.com/advisories/GHSA-h3rv-q4rq-pqcv", "reference_id": "GHSA-h3rv-q4rq-pqcv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h3rv-q4rq-pqcv" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv", "reference_id": "GHSA-h3rv-q4rq-pqcv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:39Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39372?format=api", "purl": "pkg:composer/librenms/librenms@26.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-mb8k-971z-myd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0" } ], "aliases": [ "CVE-2026-26988", "GHSA-h3rv-q4rq-pqcv" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5z7-q82d-tue6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204153?format=api", "vulnerability_id": "VCID-kj8w-8fft-m3em", "summary": "SQL Injection in LibreNMS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12465", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00366", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00367", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12465" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-sql-injection-vulnerability-xl-19-024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-sql-injection-vulnerability-xl-19-024" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-sql-injection-vulnerability-xl-19-024/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-sql-injection-vulnerability-xl-19-024/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12465", "reference_id": "CVE-2019-12465", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12465" }, { "reference_url": "https://github.com/advisories/GHSA-878x-85hc-gc4g", "reference_id": "GHSA-878x-85hc-gc4g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-878x-85hc-gc4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15650?format=api", "purl": "pkg:composer/librenms/librenms@1.53.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.53.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/448361?format=api", "purl": "pkg:composer/librenms/librenms@1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.53" } ], "aliases": [ "CVE-2019-12465", "GHSA-878x-85hc-gc4g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kj8w-8fft-m3em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88264?format=api", "vulnerability_id": "VCID-kmqh-r237-a7gu", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion based on user-controlled POST input. The application directly uses the type parameter to dynamically include .inc.php files from the trusted path includes/html/forms/, without validation or allowlisting. This pattern introduces a latent Remote Code Execution (RCE) vector if an attacker can stage a file in this include path — for example, via symlink, development misconfiguration, or chained vulnerabilities. This is fixed in version 25.7.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22496", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22692", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54138" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54138", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54138" }, { "reference_url": "https://github.com/librenms/librenms/pull/17990", "reference_id": "17990", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T18:26:36Z/" } ], "url": "https://github.com/librenms/librenms/pull/17990" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/25.7.0", "reference_id": "25.7.0", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T18:26:36Z/" } ], "url": "https://github.com/librenms/librenms/releases/tag/25.7.0" }, { "reference_url": "https://github.com/librenms/librenms/commit/ec89714d929ef0cf2321957ed9198b0f18396c81", "reference_id": "ec89714d929ef0cf2321957ed9198b0f18396c81", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T18:26:36Z/" } ], "url": "https://github.com/librenms/librenms/commit/ec89714d929ef0cf2321957ed9198b0f18396c81" }, { "reference_url": "https://github.com/advisories/GHSA-gq96-8w38-hhj2", "reference_id": "GHSA-gq96-8w38-hhj2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gq96-8w38-hhj2" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-gq96-8w38-hhj2", "reference_id": "GHSA-gq96-8w38-hhj2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T18:26:36Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-gq96-8w38-hhj2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34210?format=api", "purl": "pkg:composer/librenms/librenms@25.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.7.0" } ], "aliases": [ "CVE-2025-54138", "GHSA-gq96-8w38-hhj2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmqh-r237-a7gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/357202?format=api", "vulnerability_id": "VCID-kujx-pwg2-9kfx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0692", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06949", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48294" }, { "reference_url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2" }, { "reference_url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48294", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48294" }, { "reference_url": "https://github.com/advisories/GHSA-fpq5-4vwm-78x4", "reference_id": "GHSA-fpq5-4vwm-78x4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpq5-4vwm-78x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381058?format=api", "purl": "pkg:composer/librenms/librenms@23.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-48294", "GHSA-fpq5-4vwm-78x4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kujx-pwg2-9kfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359973?format=api", "vulnerability_id": "VCID-mb8k-971z-myd1", "summary": "Duplicate Advisory: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-pr3g-phhr-h8fh. This link is maintained to preserve external references.\n\n## Original Description\nLibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6204", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6204" }, { "reference_url": "https://github.com/advisories/GHSA-7549-ggpq-22w8", "reference_id": "GHSA-7549-ggpq-22w8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7549-ggpq-22w8" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh", "reference_id": "GHSA-pr3g-phhr-h8fh", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40935?format=api", "purl": "pkg:composer/librenms/librenms@26.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.3.0" } ], "aliases": [ "GHSA-7549-ggpq-22w8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mb8k-971z-myd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57737?format=api", "vulnerability_id": "VCID-mj4h-397a-nqbz", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of the Device Groups, its will be trigger. This vulnerability is fixed in 24.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13599", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1348", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47524" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47524", "reference_id": "CVE-2024-47524", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47524" }, { "reference_url": "https://github.com/librenms/librenms/commit/d3b51560a8e2343e520d16e9adc72c6951aa91ee", "reference_id": "d3b51560a8e2343e520d16e9adc72c6951aa91ee", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T12:58:50Z/" } ], "url": "https://github.com/librenms/librenms/commit/d3b51560a8e2343e520d16e9adc72c6951aa91ee" }, { "reference_url": "https://github.com/advisories/GHSA-fc38-2254-48g7", "reference_id": "GHSA-fc38-2254-48g7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fc38-2254-48g7" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-fc38-2254-48g7", "reference_id": "GHSA-fc38-2254-48g7", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T12:58:50Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-fc38-2254-48g7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33584?format=api", "purl": "pkg:composer/librenms/librenms@24.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-zhac-9svg-4fb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0" } ], "aliases": [ "CVE-2024-47524", "GHSA-fc38-2254-48g7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj4h-397a-nqbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91558?format=api", "vulnerability_id": "VCID-nexf-h4db-vkh5", "summary": "librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10545", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1049", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23201" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23201", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23201" }, { "reference_url": "https://github.com/advisories/GHSA-g84x-g96g-rcjc", "reference_id": "GHSA-g84x-g96g-rcjc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g84x-g96g-rcjc" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-g84x-g96g-rcjc", "reference_id": "GHSA-g84x-g96g-rcjc", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-17T15:01:52Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-g84x-g96g-rcjc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372528?format=api", "purl": "pkg:composer/librenms/librenms@24.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.11.0" } ], "aliases": [ "CVE-2025-23201", "GHSA-g84x-g96g-rcjc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nexf-h4db-vkh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174836?format=api", "vulnerability_id": "VCID-p7fj-s4ra-rqfe", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85742", "scoring_system": "epss", "scoring_elements": "0.99399", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.86005", "scoring_system": "epss", "scoring_elements": "0.9941", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3562" }, { "reference_url": "https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645", "reference_id": "43cb72549d90e338f902b359a83c23d3cb5a2645", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T18:08:34Z/" } ], "url": "https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645" }, { "reference_url": "https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657", "reference_id": "bb9f76db-1314-44ae-9ccc-2b69679aa657", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T18:08:34Z/" } ], "url": "https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3562", "reference_id": "CVE-2022-3562", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3562" }, { "reference_url": "https://github.com/advisories/GHSA-5h77-4245-pg5p", "reference_id": "GHSA-5h77-4245-pg5p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5h77-4245-pg5p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27935?format=api", "purl": "pkg:composer/librenms/librenms@22.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0" } ], "aliases": [ "CVE-2022-3562", "GHSA-5h77-4245-pg5p" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7fj-s4ra-rqfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53229?format=api", "vulnerability_id": "VCID-py7t-waeg-cfh8", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35712", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35532", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32461" }, { "reference_url": "https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6", "reference_id": "16811991bb5fff6", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/" } ], "url": "https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32461", "reference_id": "CVE-2024-32461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32461" }, { "reference_url": "https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33", "reference_id": "d29201fce134347f891102699fbde7070debee33", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/" } ], "url": "https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33" }, { "reference_url": "https://github.com/advisories/GHSA-cwx6-cx7x-4q34", "reference_id": "GHSA-cwx6-cx7x-4q34", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwx6-cx7x-4q34" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34", "reference_id": "GHSA-cwx6-cx7x-4q34", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30707?format=api", "purl": "pkg:composer/librenms/librenms@24.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.4.0" } ], "aliases": [ "CVE-2024-32461", "GHSA-cwx6-cx7x-4q34" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-py7t-waeg-cfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204154?format=api", "vulnerability_id": "VCID-qc4w-r2jh-a7hx", "summary": "SQL Injection in LibreNMS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10671", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00843", "published_at": "2026-06-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00847", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10671" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-multiple-sql-injection-vulnerability-xl-19-025/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10671", "reference_id": "CVE-2019-10671", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10671" }, { "reference_url": "https://github.com/advisories/GHSA-g9xh-3w5g-229r", "reference_id": "GHSA-g9xh-3w5g-229r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9xh-3w5g-229r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15649?format=api", "purl": "pkg:composer/librenms/librenms@1.50.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kj8w-8fft-m3em" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-wtgu-cr2f-33cb" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y1p7-5z78-xkc2" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.50.1" } ], "aliases": [ "CVE-2019-10671", "GHSA-g9xh-3w5g-229r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qc4w-r2jh-a7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53126?format=api", "vulnerability_id": "VCID-r2tp-4cm4-b3b1", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61546", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61442", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32480" }, { "reference_url": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c", "reference_id": "83fe4b10c440d69a47fe2f8616e290ba2bd3a27c", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:21:00Z/" } ], "url": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32480", "reference_id": "CVE-2024-32480", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32480" }, { "reference_url": "https://github.com/advisories/GHSA-jh57-j3vq-h438", "reference_id": "GHSA-jh57-j3vq-h438", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh57-j3vq-h438" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438", "reference_id": "GHSA-jh57-j3vq-h438", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:21:00Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30707?format=api", "purl": "pkg:composer/librenms/librenms@24.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.4.0" } ], "aliases": [ "CVE-2024-32480", "GHSA-jh57-j3vq-h438" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2tp-4cm4-b3b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140294?format=api", "vulnerability_id": "VCID-r7fv-dr67-j7ht", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1154", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11462", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4979" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4979", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4979" }, { "reference_url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03", "reference_id": "49d66fa31b43acef02eaa09ee9af15fe7e16cd03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:29:14Z/" } ], "url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03" }, { "reference_url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f", "reference_id": "e67f8f5d-4048-404f-9b86-cb6b8719b77f", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:29:14Z/" } ], "url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f" }, { "reference_url": "https://github.com/advisories/GHSA-jp3c-g46v-jg2c", "reference_id": "GHSA-jp3c-g46v-jg2c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jp3c-g46v-jg2c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379627?format=api", "purl": "pkg:composer/librenms/librenms@23.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-4979", "GHSA-jp3c-g46v-jg2c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7fv-dr67-j7ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91291?format=api", "vulnerability_id": "VCID-rfwn-r567-qben", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65093", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00144", "published_at": "2026-06-11T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00143", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65093" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65093", "reference_id": "CVE-2025-65093", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65093" }, { "reference_url": "https://github.com/advisories/GHSA-6pmj-xjxp-p8g9", "reference_id": "GHSA-6pmj-xjxp-p8g9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6pmj-xjxp-p8g9" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9", "reference_id": "GHSA-6pmj-xjxp-p8g9", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:58:37Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35293?format=api", "purl": "pkg:composer/librenms/librenms@25.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.11.0" } ], "aliases": [ "CVE-2025-65093", "GHSA-6pmj-xjxp-p8g9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfwn-r567-qben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211390?format=api", "vulnerability_id": "VCID-s58c-1ss7-jbh1", "summary": "LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.5556", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55439", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3231" }, { "reference_url": "https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8" }, { "reference_url": "https://github.com/librenms/librenms/pull/14360", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/14360" }, { "reference_url": "https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3231", "reference_id": "CVE-2022-3231", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3231" }, { "reference_url": "https://github.com/advisories/GHSA-3jh2-wmv7-m932", "reference_id": "GHSA-3jh2-wmv7-m932", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3jh2-wmv7-m932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26868?format=api", "purl": "pkg:composer/librenms/librenms@22.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2022-3231", "GHSA-3jh2-wmv7-m932" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s58c-1ss7-jbh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208207?format=api", "vulnerability_id": "VCID-sm1m-7ca9-vfb4", "summary": "Improper Authorization in librenms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0587", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00059", "published_at": "2026-06-12T12:55:00Z" }, { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00058", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0587" }, { "reference_url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7" }, { "reference_url": "https://huntr.dev/bounties/0c7c9ecd-33ac-4865-b05b-447ced735469", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/0c7c9ecd-33ac-4865-b05b-447ced735469" }, { "reference_url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0587", "reference_id": "CVE-2022-0587", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0587" }, { "reference_url": "https://github.com/advisories/GHSA-ppfm-rj6p-38q6", "reference_id": "GHSA-ppfm-rj6p-38q6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ppfm-rj6p-38q6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19365?format=api", "purl": "pkg:composer/librenms/librenms@22.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2022-0587", "GHSA-ppfm-rj6p-38q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sm1m-7ca9-vfb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204148?format=api", "vulnerability_id": "VCID-sp7z-xykf-e7ce", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10667", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00173", "published_at": "2026-06-12T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00174", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10667" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10667", "reference_id": "CVE-2019-10667", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10667" }, { "reference_url": "https://github.com/advisories/GHSA-f4hh-xxqh-wgpq", "reference_id": "GHSA-f4hh-xxqh-wgpq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4hh-xxqh-wgpq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15649?format=api", "purl": "pkg:composer/librenms/librenms@1.50.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kj8w-8fft-m3em" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-wtgu-cr2f-33cb" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y1p7-5z78-xkc2" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.50.1" } ], "aliases": [ "CVE-2019-10667", "GHSA-f4hh-xxqh-wgpq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sp7z-xykf-e7ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140189?format=api", "vulnerability_id": "VCID-srqm-zv16-eubv", "summary": "Code Injection in GitHub repository librenms/librenms prior to 23.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18488", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18325", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4977" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4977", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4977" }, { "reference_url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0", "reference_id": "1194934d31c795a3f6877a96ffaa34b1f475bdd0", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:32:02Z/" } ], "url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0" }, { "reference_url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc", "reference_id": "3db8a1a4-ca2d-45df-be18-a959ebf82fbc", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:32:02Z/" } ], "url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc" }, { "reference_url": "https://github.com/advisories/GHSA-57m2-mpc7-gwgx", "reference_id": "GHSA-57m2-mpc7-gwgx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57m2-mpc7-gwgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379627?format=api", "purl": "pkg:composer/librenms/librenms@23.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-4977", "GHSA-57m2-mpc7-gwgx" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-srqm-zv16-eubv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102665?format=api", "vulnerability_id": "VCID-st22-w6hp-tka9", "summary": "LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62412", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00028", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62412" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/25.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/releases/tag/25.10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62412", "reference_id": "CVE-2025-62412", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62412" }, { "reference_url": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f", "reference_id": "dccdf6769976a974d70f06a7ce8d5a846b29db6f", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:25:48Z/" } ], "url": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f" }, { "reference_url": "https://github.com/advisories/GHSA-6g2v-66ch-6xmh", "reference_id": "GHSA-6g2v-66ch-6xmh", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6g2v-66ch-6xmh" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh", "reference_id": "GHSA-6g2v-66ch-6xmh", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:25:48Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34532?format=api", "purl": "pkg:composer/librenms/librenms@25.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.10.0" } ], "aliases": [ "CVE-2025-62412", "GHSA-6g2v-66ch-6xmh" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-st22-w6hp-tka9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38477?format=api", "vulnerability_id": "VCID-tdcf-uak3-gfec", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Manage User Access\" page allows authenticated users to inject arbitrary JavaScript through the \"bill_name\" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the \"Bill Access\" dropdown in the user's \"Manage Access\" page, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68351", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68263", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49759" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49759", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49759" }, { "reference_url": "https://github.com/librenms/librenms/commit/237f4d2e818170171dfad6efad36a275cd2ba8d0", "reference_id": "237f4d2e818170171dfad6efad36a275cd2ba8d0", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:52:28Z/" } ], "url": "https://github.com/librenms/librenms/commit/237f4d2e818170171dfad6efad36a275cd2ba8d0" }, { "reference_url": "https://github.com/advisories/GHSA-888j-pjqh-fx58", "reference_id": "GHSA-888j-pjqh-fx58", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-888j-pjqh-fx58" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-888j-pjqh-fx58", "reference_id": "GHSA-888j-pjqh-fx58", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:52:28Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-888j-pjqh-fx58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-49759", "GHSA-888j-pjqh-fx58" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdcf-uak3-gfec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169168?format=api", "vulnerability_id": "VCID-tj46-drf4-q7hy", "summary": "Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4070", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00138", "published_at": "2026-06-12T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00139", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4070" }, { "reference_url": "https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775", "reference_id": "72d426bb-b56e-4534-88ba-0d11381b0775", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T18:14:00Z/" } ], "url": "https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775" }, { "reference_url": "https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc", "reference_id": "ce8e5f3d056829bfa7a845f9dc2757e21e419ddc", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T18:14:00Z/" } ], "url": "https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4070", "reference_id": "CVE-2022-4070", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4070" }, { "reference_url": "https://github.com/advisories/GHSA-x93j-3hh3-6x23", "reference_id": "GHSA-x93j-3hh3-6x23", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x93j-3hh3-6x23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27935?format=api", "purl": "pkg:composer/librenms/librenms@22.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0" } ], "aliases": [ "CVE-2022-4070", "GHSA-x93j-3hh3-6x23" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tj46-drf4-q7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56881?format=api", "vulnerability_id": "VCID-tq42-r5ny-nbfu", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Services\" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \"name\" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11787", "scoring_system": "epss", "scoring_elements": "0.9389", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.11787", "scoring_system": "epss", "scoring_elements": "0.9387", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50352" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50352", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50352" }, { "reference_url": "https://github.com/librenms/librenms/commit/b4af778ca42c5839801f16ece53505bb7fa1e7bc", "reference_id": "b4af778ca42c5839801f16ece53505bb7fa1e7bc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:11:34Z/" } ], "url": "https://github.com/librenms/librenms/commit/b4af778ca42c5839801f16ece53505bb7fa1e7bc" }, { "reference_url": "https://github.com/advisories/GHSA-qr8f-5qqg-j3wg", "reference_id": "GHSA-qr8f-5qqg-j3wg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qr8f-5qqg-j3wg" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-qr8f-5qqg-j3wg", "reference_id": "GHSA-qr8f-5qqg-j3wg", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:11:34Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-qr8f-5qqg-j3wg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-50352", "GHSA-qr8f-5qqg-j3wg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tq42-r5ny-nbfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139952?format=api", "vulnerability_id": "VCID-tube-fx1x-cka6", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77441", "scoring_system": "epss", "scoring_elements": "0.9901", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.77441", "scoring_system": "epss", "scoring_elements": "0.99006", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4347" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4347", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4347" }, { "reference_url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f", "reference_id": "1f78c6e1-2923-46c5-9376-4cc5a8f1152f", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T13:39:38Z/" } ], "url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f" }, { "reference_url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824", "reference_id": "91c57a1ee54631e071b6b0c952d99c8ee892e824", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T13:39:38Z/" } ], "url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824" }, { "reference_url": "https://github.com/advisories/GHSA-m6pf-cm3f-7876", "reference_id": "GHSA-m6pf-cm3f-7876", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6pf-cm3f-7876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380662?format=api", "purl": "pkg:composer/librenms/librenms@23.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-4347", "GHSA-m6pf-cm3f-7876" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tube-fx1x-cka6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35290?format=api", "vulnerability_id": "VCID-u5dh-nt5q-4kh2", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Custom OID\" tab of a device allows authenticated users to inject arbitrary JavaScript through the \"unit\" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00904", "scoring_system": "epss", "scoring_elements": "0.76245", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00904", "scoring_system": "epss", "scoring_elements": "0.76174", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51497", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51497" }, { "reference_url": "https://github.com/librenms/librenms/commit/42b156e42a3811c23758772ce8c63d4d3eaba59b", "reference_id": "42b156e42a3811c23758772ce8c63d4d3eaba59b", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:16:10Z/" } ], "url": "https://github.com/librenms/librenms/commit/42b156e42a3811c23758772ce8c63d4d3eaba59b" }, { "reference_url": "https://github.com/advisories/GHSA-gv4m-f6fx-859x", "reference_id": "GHSA-gv4m-f6fx-859x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gv4m-f6fx-859x" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-gv4m-f6fx-859x", "reference_id": "GHSA-gv4m-f6fx-859x", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:16:10Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-gv4m-f6fx-859x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-51497", "GHSA-gv4m-f6fx-859x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u5dh-nt5q-4kh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169151?format=api", "vulnerability_id": "VCID-upyd-sq4n-hycq", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85276", "scoring_system": "epss", "scoring_elements": "0.99382", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.85276", "scoring_system": "epss", "scoring_elements": "0.9938", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4067" }, { "reference_url": "https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72", "reference_id": "3ca7023e-d95c-423f-9e9a-222a67a8ee72", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:56:31Z/" } ], "url": "https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72" }, { "reference_url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c", "reference_id": "8e85698aa3aa4884c2f3d6c987542477eb64f07c", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:56:31Z/" } ], "url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4067", "reference_id": "CVE-2022-4067", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4067" }, { "reference_url": "https://github.com/advisories/GHSA-qch4-jmf8-xvp7", "reference_id": "GHSA-qch4-jmf8-xvp7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qch4-jmf8-xvp7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27935?format=api", "purl": "pkg:composer/librenms/librenms@22.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0" } ], "aliases": [ "CVE-2022-4067", "GHSA-qch4-jmf8-xvp7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upyd-sq4n-hycq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91175?format=api", "vulnerability_id": "VCID-uwnc-rpz9-7be2", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65014", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00024", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65014" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65014", "reference_id": "CVE-2025-65014", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65014" }, { "reference_url": "https://github.com/advisories/GHSA-5mrf-j8v6-f45g", "reference_id": "GHSA-5mrf-j8v6-f45g", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mrf-j8v6-f45g" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g", "reference_id": "GHSA-5mrf-j8v6-f45g", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:53:12Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35293?format=api", "purl": "pkg:composer/librenms/librenms@25.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.11.0" } ], "aliases": [ "CVE-2025-65014", "GHSA-5mrf-j8v6-f45g" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwnc-rpz9-7be2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/152598?format=api", "vulnerability_id": "VCID-veyg-29sb-x7cs", "summary": "LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02976", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02986", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36947" }, { "reference_url": "https://community.librenms.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.librenms.org" }, { "reference_url": "https://www.exploit-db.com/exploits/49246", "reference_id": "49246", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T21:08:15Z/" } ], "url": "https://www.exploit-db.com/exploits/49246" }, { "reference_url": "https://community.librenms.org/", "reference_id": "community.librenms.org", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T21:08:15Z/" } ], "url": "https://community.librenms.org/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36947", "reference_id": "CVE-2020-36947", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36947" }, { "reference_url": "https://github.com/advisories/GHSA-qp2j-v5jg-hg68", "reference_id": "GHSA-qp2j-v5jg-hg68", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qp2j-v5jg-hg68" }, { "reference_url": "https://github.com/librenms/librenms", "reference_id": "librenms", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T21:08:15Z/" } ], "url": "https://github.com/librenms/librenms" }, { "reference_url": "https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection", "reference_id": "librenms-mac-accounting-graph-authenticated-sql-injection", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T21:08:15Z/" } ], "url": "https://www.vulncheck.com/advisories/librenms-mac-accounting-graph-authenticated-sql-injection" }, { "reference_url": "https://www.librenms.org", "reference_id": "www.librenms.org", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T21:08:15Z/" } ], "url": "https://www.librenms.org" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/437964?format=api", "purl": "pkg:composer/librenms/librenms@1.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-5qc1-g4x7-n3fp" }, { "vulnerability": "VCID-61va-qddt-rbf2" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cewc-v19g-yqf6" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kj8w-8fft-m3em" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-qc4w-r2jh-a7hx" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-sp7z-xykf-e7ce" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y1p7-5z78-xkc2" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.47" } ], "aliases": [ "CVE-2020-36947", "GHSA-qp2j-v5jg-hg68" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-veyg-29sb-x7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208208?format=api", "vulnerability_id": "VCID-vhry-3hqm-bbaz", "summary": "Improper Access Control in librenms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0580", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00032", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0580" }, { "reference_url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7" }, { "reference_url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3" }, { "reference_url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0580", "reference_id": "CVE-2022-0580", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0580" }, { "reference_url": "https://github.com/advisories/GHSA-33wf-4crm-2322", "reference_id": "GHSA-33wf-4crm-2322", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-33wf-4crm-2322" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19365?format=api", "purl": "pkg:composer/librenms/librenms@22.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2022-0580", "GHSA-33wf-4crm-2322" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhry-3hqm-bbaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/119572?format=api", "vulnerability_id": "VCID-vqdk-y6g3-gugt", "summary": "LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47931", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00421", "published_at": "2026-06-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0042", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47931" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47931", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47931" }, { "reference_url": "https://github.com/librenms/librenms/pull/17603", "reference_id": "17603", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T20:17:23Z/" } ], "url": "https://github.com/librenms/librenms/pull/17603" }, { "reference_url": "https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062", "reference_id": "88fe1a7abdb500d9a2d4c45f9872df54c9ff8062", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T20:17:23Z/" } ], "url": "https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062" }, { "reference_url": "https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284", "reference_id": "addhost.inc.php#L284", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T20:17:23Z/" } ], "url": "https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284" }, { "reference_url": "https://github.com/advisories/GHSA-hxw5-9cc5-cmw5", "reference_id": "GHSA-hxw5-9cc5-cmw5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hxw5-9cc5-cmw5" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5", "reference_id": "GHSA-hxw5-9cc5-cmw5", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T20:17:23Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379007?format=api", "purl": "pkg:composer/librenms/librenms@25.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.5.0" } ], "aliases": [ "CVE-2025-47931", "GHSA-hxw5-9cc5-cmw5" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqdk-y6g3-gugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140068?format=api", "vulnerability_id": "VCID-w5bg-g2j5-7qh2", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1154", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11462", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4980" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4980", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4980" }, { "reference_url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976", "reference_id": "470b9b13-b7fe-4b3f-a186-fdc5dc193976", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:54Z/" } ], "url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976" }, { "reference_url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97", "reference_id": "cfd642be6a1e988453bd63069d17db3664e7de97", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:54Z/" } ], "url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97" }, { "reference_url": "https://github.com/advisories/GHSA-qxrq-376q-p39h", "reference_id": "GHSA-qxrq-376q-p39h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxrq-376q-p39h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379627?format=api", "purl": "pkg:composer/librenms/librenms@23.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-4980", "GHSA-qxrq-376q-p39h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5bg-g2j5-7qh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91811?format=api", "vulnerability_id": "VCID-wkpv-dkbj-6ybd", "summary": "librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48535", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48398", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23199" }, { "reference_url": "https://github.com/librenms/librenms/commit/9d07d166b87634091dcf21c62b28f9b42a3118c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/9d07d166b87634091dcf21c62b28f9b42a3118c4" }, { "reference_url": "https://github.com/librenms/librenms/pull/16721", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/16721" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23199", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23199" }, { "reference_url": "https://github.com/advisories/GHSA-27vf-3g4f-6jp7", "reference_id": "GHSA-27vf-3g4f-6jp7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-27vf-3g4f-6jp7" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-27vf-3g4f-6jp7", "reference_id": "GHSA-27vf-3g4f-6jp7", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-17T14:56:42Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-27vf-3g4f-6jp7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372528?format=api", "purl": "pkg:composer/librenms/librenms@24.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.11.0" } ], "aliases": [ "CVE-2025-23199", "GHSA-27vf-3g4f-6jp7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wkpv-dkbj-6ybd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139914?format=api", "vulnerability_id": "VCID-wq47-3ncm-7kfn", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4982", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00311", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00312", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4982" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4982", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4982" }, { "reference_url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769", "reference_id": "2c5960631c49f7414f61b6d4dcd305b07da05769", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:05Z/" } ], "url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769" }, { "reference_url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e", "reference_id": "d3c2dd8a-883c-400e-a1a7-326c3fd37b9e", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:05Z/" } ], "url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e" }, { "reference_url": "https://github.com/advisories/GHSA-m6jj-fgmh-3p8r", "reference_id": "GHSA-m6jj-fgmh-3p8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6jj-fgmh-3p8r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379627?format=api", "purl": "pkg:composer/librenms/librenms@23.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-4982", "GHSA-m6jj-fgmh-3p8r" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wq47-3ncm-7kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43383?format=api", "vulnerability_id": "VCID-x61k-4513-hqew", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Services\" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the \"descr\" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01189", "scoring_system": "epss", "scoring_elements": "0.79296", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01189", "scoring_system": "epss", "scoring_elements": "0.79231", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52526" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52526", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52526" }, { "reference_url": "https://github.com/librenms/librenms/commit/30e522c29bbb1f9b72951025e7049a26c7e1d76e", "reference_id": "30e522c29bbb1f9b72951025e7049a26c7e1d76e", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:38:05Z/" } ], "url": "https://github.com/librenms/librenms/commit/30e522c29bbb1f9b72951025e7049a26c7e1d76e" }, { "reference_url": "https://github.com/advisories/GHSA-8fh4-942r-jf2g", "reference_id": "GHSA-8fh4-942r-jf2g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8fh4-942r-jf2g" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-8fh4-942r-jf2g", "reference_id": "GHSA-8fh4-942r-jf2g", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:38:05Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-8fh4-942r-jf2g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-52526", "GHSA-8fh4-942r-jf2g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x61k-4513-hqew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70863?format=api", "vulnerability_id": "VCID-x6na-j6w4-n7aj", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sent to the Request-URI \"/port-groups\". The name of the newly created port group is stored in the value of the name parameter. After the port group is created, the entry is displayed along with relevant buttons such as Edit and Delete. This issue has been fixed in version 26.2.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26992", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00193", "published_at": "2026-06-12T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00194", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26992" }, { "reference_url": "https://github.com/librenms/librenms/pull/19042", "reference_id": "19042", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:52:54Z/" } ], "url": "https://github.com/librenms/librenms/pull/19042" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/26.2.0", "reference_id": "26.2.0", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:52:54Z/" } ], "url": "https://github.com/librenms/librenms/releases/tag/26.2.0" }, { "reference_url": "https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f", "reference_id": "882fe6f90ea504a3732f83caf89bba7850a5699f", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:52:54Z/" } ], "url": "https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26992", "reference_id": "CVE-2026-26992", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26992" }, { "reference_url": "https://github.com/advisories/GHSA-93fx-g747-695x", "reference_id": "GHSA-93fx-g747-695x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93fx-g747-695x" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x", "reference_id": "GHSA-93fx-g747-695x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:52:54Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39372?format=api", "purl": "pkg:composer/librenms/librenms@26.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-mb8k-971z-myd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0" } ], "aliases": [ "CVE-2026-26992", "GHSA-93fx-g747-695x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6na-j6w4-n7aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70869?format=api", "vulnerability_id": "VCID-x8rp-7y5r-v3eg", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixedd in version 26.2.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26990", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00131", "published_at": "2026-06-11T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.0013", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26990" }, { "reference_url": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1", "reference_id": "15429580baba03ed1dd377bada1bde4b7a1175a1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:14Z/" } ], "url": "https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1" }, { "reference_url": "https://github.com/librenms/librenms/pull/18777", "reference_id": "18777", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:14Z/" } ], "url": "https://github.com/librenms/librenms/pull/18777" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26990", "reference_id": "CVE-2026-26990", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26990" }, { "reference_url": "https://github.com/advisories/GHSA-79q9-wc6p-cf92", "reference_id": "GHSA-79q9-wc6p-cf92", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-79q9-wc6p-cf92" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92", "reference_id": "GHSA-79q9-wc6p-cf92", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:14Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39372?format=api", "purl": "pkg:composer/librenms/librenms@26.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-mb8k-971z-myd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0" } ], "aliases": [ "CVE-2026-26990", "GHSA-79q9-wc6p-cf92" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8rp-7y5r-v3eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174603?format=api", "vulnerability_id": "VCID-xf97-1u9d-mbhx", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64975", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64875", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3561" }, { "reference_url": "https://huntr.com/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34" }, { "reference_url": "https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34", "reference_id": "7389e6eb-4bce-4b97-999d-d3b70d8cee34", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T19:59:59Z/" } ], "url": "https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3561", "reference_id": "CVE-2022-3561", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3561" }, { "reference_url": "https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242", "reference_id": "d86cbcd96d684e4de8dfa50b4490e4e02782d242", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T19:59:59Z/" } ], "url": "https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242" }, { "reference_url": "https://github.com/advisories/GHSA-264w-gw9g-fhgj", "reference_id": "GHSA-264w-gw9g-fhgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-264w-gw9g-fhgj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27935?format=api", "purl": "pkg:composer/librenms/librenms@22.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0" } ], "aliases": [ "CVE-2022-3561", "GHSA-264w-gw9g-fhgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xf97-1u9d-mbhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204151?format=api", "vulnerability_id": "VCID-y1p7-5z78-xkc2", "summary": "Path Traversal in LibreNMS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12464", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00707", "published_at": "2026-06-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0071", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12464" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-019", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-019" }, { "reference_url": "https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-019/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-019/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12464", "reference_id": "CVE-2019-12464", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12464" }, { "reference_url": "https://github.com/advisories/GHSA-r336-jxfr-4c3c", "reference_id": "GHSA-r336-jxfr-4c3c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r336-jxfr-4c3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15650?format=api", "purl": "pkg:composer/librenms/librenms@1.53.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.53.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/448361?format=api", "purl": "pkg:composer/librenms/librenms@1.53", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.53" } ], "aliases": [ "CVE-2019-12464", "GHSA-r336-jxfr-4c3c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y1p7-5z78-xkc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208156?format=api", "vulnerability_id": "VCID-y22w-mxrw-sbh1", "summary": "Cross-site Scripting in librenms", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0576", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00328", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0576" }, { "reference_url": "https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd" }, { "reference_url": "https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177" }, { "reference_url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0576", "reference_id": "CVE-2022-0576", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0576" }, { "reference_url": "https://github.com/advisories/GHSA-rp34-85x3-3764", "reference_id": "GHSA-rp34-85x3-3764", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rp34-85x3-3764" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19367?format=api", "purl": "pkg:composer/librenms/librenms@22.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/19365?format=api", "purl": "pkg:composer/librenms/librenms@22.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2022-0576", "GHSA-rp34-85x3-3764" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y22w-mxrw-sbh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57650?format=api", "vulnerability_id": "VCID-ykxk-6j99-hqd2", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with \"admin\" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61488", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61592", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47528" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47528", "reference_id": "CVE-2024-47528", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47528" }, { "reference_url": "https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be", "reference_id": "d959bf1b366319eda16e3cd6dfda8a22beb203be", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:07:21Z/" } ], "url": "https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be" }, { "reference_url": "https://github.com/advisories/GHSA-x8gm-j36p-fppf", "reference_id": "GHSA-x8gm-j36p-fppf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x8gm-j36p-fppf" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf", "reference_id": "GHSA-x8gm-j36p-fppf", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:07:21Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33584?format=api", "purl": "pkg:composer/librenms/librenms@24.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-zhac-9svg-4fb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0" } ], "aliases": [ "CVE-2024-47528", "GHSA-x8gm-j36p-fppf" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykxk-6j99-hqd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302732?format=api", "vulnerability_id": "VCID-zbz2-hwqc-6ye4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06525", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06549", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18478" }, { "reference_url": "https://github.com/librenms/librenms/issues/9170", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/issues/9170" }, { "reference_url": "https://github.com/librenms/librenms/pull/9171", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/pull/9171" }, { "reference_url": "https://github.com/librenms/librenms/releases/tag/1.44", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/releases/tag/1.44" }, { "reference_url": "https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18478", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/386494?format=api", "purl": "pkg:composer/librenms/librenms@1.44.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.44.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/432650?format=api", "purl": "pkg:composer/librenms/librenms@1.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-1bhu-qkzp-tqas" }, { "vulnerability": "VCID-2dax-4ghn-mffp" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-3qv3-74t6-6fhs" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-5qc1-g4x7-n3fp" }, { "vulnerability": "VCID-61va-qddt-rbf2" }, { "vulnerability": "VCID-656h-mks2-6yaw" }, { "vulnerability": "VCID-8333-p936-4yen" }, { "vulnerability": "VCID-8xsz-9mtq-w7ct" }, { "vulnerability": "VCID-8ytn-qf7f-yfbf" }, { "vulnerability": "VCID-91gw-qj5p-y3ed" }, { "vulnerability": "VCID-92gm-nsf8-d7dt" }, { "vulnerability": "VCID-98wd-pvht-nqfu" }, { "vulnerability": "VCID-9zy9-ue2n-87b4" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-bgm3-4nkb-c3bs" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cewc-v19g-yqf6" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dku9-fked-fueu" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-ek4h-m8w9-t7bp" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-gzvy-qsmz-a7ca" }, { "vulnerability": "VCID-hhhz-1bd6-3bfy" }, { "vulnerability": "VCID-j176-ekvg-3ufv" }, { "vulnerability": "VCID-ja3k-pqg6-cuct" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3tp-p2ay-5bf3" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kj8w-8fft-m3em" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-kujx-pwg2-9kfx" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-p7fj-s4ra-rqfe" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-qc4w-r2jh-a7hx" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-r7fv-dr67-j7ht" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-s58c-1ss7-jbh1" }, { "vulnerability": "VCID-sm1m-7ca9-vfb4" }, { "vulnerability": "VCID-sp7z-xykf-e7ce" }, { "vulnerability": "VCID-srqm-zv16-eubv" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tj46-drf4-q7hy" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-tube-fx1x-cka6" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-upyd-sq4n-hycq" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-veyg-29sb-x7cs" }, { "vulnerability": "VCID-vhry-3hqm-bbaz" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-w5bg-g2j5-7qh2" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-wq47-3ncm-7kfn" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-xf97-1u9d-mbhx" }, { "vulnerability": "VCID-y1p7-5z78-xkc2" }, { "vulnerability": "VCID-y22w-mxrw-sbh1" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" }, { "vulnerability": "VCID-zz5d-y7ak-zbdm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.44" } ], "aliases": [ "CVE-2018-18478", "GHSA-9m82-f3wx-p625" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbz2-hwqc-6ye4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56949?format=api", "vulnerability_id": "VCID-zhac-9svg-4fb3", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Port Settings\" page allows authenticated users to inject arbitrary JavaScript through the \"name\" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the \"Port Settings\" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00936", "scoring_system": "epss", "scoring_elements": "0.76625", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00936", "scoring_system": "epss", "scoring_elements": "0.76695", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50350" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50350", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50350" }, { "reference_url": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0", "reference_id": "82a744bfe29017b8b58b5752ab9e1b335bedf0a0", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:45:19Z/" } ], "url": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0" }, { "reference_url": "https://github.com/advisories/GHSA-xh4g-c9p6-5jxg", "reference_id": "GHSA-xh4g-c9p6-5jxg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xh4g-c9p6-5jxg" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-xh4g-c9p6-5jxg", "reference_id": "GHSA-xh4g-c9p6-5jxg", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:45:19Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-xh4g-c9p6-5jxg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39373?format=api", "purl": "pkg:composer/librenms/librenms@24.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-adhj-ruja-n7gb" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0" } ], "aliases": [ "CVE-2024-50350", "GHSA-xh4g-c9p6-5jxg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhac-9svg-4fb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57663?format=api", "vulnerability_id": "VCID-zwya-b48n-tfcg", "summary": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Device Dependencies\" feature allows authenticated users to inject arbitrary JavaScript through the device name (\"hostname\" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59989", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0038", "scoring_system": "epss", "scoring_elements": "0.59881", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47527" }, { "reference_url": "https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/pages/device-dependencies.inc.php#L74", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/pages/device-dependencies.inc.php#L74" }, { "reference_url": "https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685", "reference_id": "36b38a50cc10d4ed16caab92bdc18ed6abac9685", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-01T20:34:28Z/" } ], "url": "https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47527", "reference_id": "CVE-2024-47527", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47527" }, { "reference_url": "https://github.com/advisories/GHSA-rwwc-2v8q-gc9v", "reference_id": "GHSA-rwwc-2v8q-gc9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rwwc-2v8q-gc9v" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v", "reference_id": "GHSA-rwwc-2v8q-gc9v", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-01T20:34:28Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33584?format=api", "purl": "pkg:composer/librenms/librenms@24.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-e4k8-c86a-ekda" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-q132-6t8v-33h4" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-zhac-9svg-4fb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0" } ], "aliases": [ "CVE-2024-47527", "GHSA-rwwc-2v8q-gc9v" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwya-b48n-tfcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146392?format=api", "vulnerability_id": "VCID-zz5d-y7ak-zbdm", "summary": "LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.4506", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45209", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48295" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48295", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48295" }, { "reference_url": "https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21", "reference_id": "DeviceGroupController.php#L173C21-L173C21", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-10T15:46:31Z/" } ], "url": "https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21" }, { "reference_url": "https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90", "reference_id": "faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-10T15:46:31Z/" } ], "url": "https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90" }, { "reference_url": "https://github.com/advisories/GHSA-8phr-637g-pxrg", "reference_id": "GHSA-8phr-637g-pxrg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8phr-637g-pxrg" }, { "reference_url": "https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg", "reference_id": "GHSA-8phr-637g-pxrg", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-10T15:46:31Z/" } ], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381058?format=api", "purl": "pkg:composer/librenms/librenms@23.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18g9-2u9c-nbez" }, { "vulnerability": "VCID-2gun-mcx6-akcy" }, { "vulnerability": "VCID-2zej-x5n6-cqbf" }, { "vulnerability": "VCID-3faw-j7vn-hfaz" }, { "vulnerability": "VCID-4syp-nckb-9fbw" }, { "vulnerability": "VCID-5999-8pth-d7ba" }, { "vulnerability": "VCID-5ehc-2e2v-wkgb" }, { "vulnerability": "VCID-7eqy-4u3h-5fa5" }, { "vulnerability": "VCID-ae82-tsr6-c3cw" }, { "vulnerability": "VCID-byb9-nnem-5bdu" }, { "vulnerability": "VCID-c5qg-fsdx-w7eg" }, { "vulnerability": "VCID-cc1u-4ca7-v7he" }, { "vulnerability": "VCID-cmqg-e3da-r7cf" }, { "vulnerability": "VCID-cntm-etf9-kkbv" }, { "vulnerability": "VCID-dgdu-jnbz-2qbe" }, { "vulnerability": "VCID-dmsz-ct8c-zuf9" }, { "vulnerability": "VCID-eq4t-1cwx-zfh5" }, { "vulnerability": "VCID-eyv3-xp88-t7en" }, { "vulnerability": "VCID-g8zs-nkxb-hyc4" }, { "vulnerability": "VCID-gnfs-vu51-cbda" }, { "vulnerability": "VCID-gppp-bfnm-7ba6" }, { "vulnerability": "VCID-js2a-whr7-dufs" }, { "vulnerability": "VCID-k3xn-xjwb-a3en" }, { "vulnerability": "VCID-k5z7-q82d-tue6" }, { "vulnerability": "VCID-kmqh-r237-a7gu" }, { "vulnerability": "VCID-mb8k-971z-myd1" }, { "vulnerability": "VCID-mj4h-397a-nqbz" }, { "vulnerability": "VCID-nexf-h4db-vkh5" }, { "vulnerability": "VCID-py7t-waeg-cfh8" }, { "vulnerability": "VCID-r2tp-4cm4-b3b1" }, { "vulnerability": "VCID-rfwn-r567-qben" }, { "vulnerability": "VCID-st22-w6hp-tka9" }, { "vulnerability": "VCID-tdcf-uak3-gfec" }, { "vulnerability": "VCID-tq42-r5ny-nbfu" }, { "vulnerability": "VCID-u5dh-nt5q-4kh2" }, { "vulnerability": "VCID-uwnc-rpz9-7be2" }, { "vulnerability": "VCID-vqdk-y6g3-gugt" }, { "vulnerability": "VCID-wkpv-dkbj-6ybd" }, { "vulnerability": "VCID-x61k-4513-hqew" }, { "vulnerability": "VCID-x6na-j6w4-n7aj" }, { "vulnerability": "VCID-x8rp-7y5r-v3eg" }, { "vulnerability": "VCID-ykxk-6j99-hqd2" }, { "vulnerability": "VCID-zhac-9svg-4fb3" }, { "vulnerability": "VCID-zwya-b48n-tfcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/520342?format=api", "purl": "pkg:composer/librenms/librenms@201609", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609" } ], "aliases": [ "CVE-2023-48295", "GHSA-8phr-637g-pxrg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zz5d-y7ak-zbdm" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@1.38" }