Librenms Security Vulnerabilities (CVEs)
Track 26 security vulnerabilities affecting Librenms products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This stored XSS vulnerability in LibreNMS allows attackers with admin privileges to inject malicious scripts into device group names, which execute wh...
Feb 20, 2026This SQL injection vulnerability in LibreNMS allows attackers to execute arbitrary SQL commands through the ajax_table.php endpoint when searching IPv...
Feb 20, 2026This is a stored cross-site scripting (XSS) vulnerability in LibreNMS that allows attackers with administrative privileges to inject malicious scripts...
Feb 20, 2026LibreNMS versions 25.12.0 and below contain a time-based blind SQL injection vulnerability in the address-search functionality. Authenticated attacker...
Feb 20, 2026This stored XSS vulnerability in LibreNMS allows attackers to inject malicious HTML/JavaScript into alert rule names via the API. When administrators ...
Dec 23, 2025CVE-2025-65093 is a boolean-based blind SQL injection vulnerability in LibreNMS's /ajax_output.php endpoint. Attackers can manipulate the hostname par...
Nov 18, 2025This reflected cross-site scripting (XSS) vulnerability in LibreNMS allows attackers to craft malicious URLs that execute arbitrary JavaScript in vict...
Nov 18, 2025A weak password policy vulnerability in LibreNMS allows administrators to create user accounts with extremely weak passwords like '12345678'. This exp...
Nov 18, 2025This vulnerability in LibreNMS allows remote file inclusion via the ajax_form.php endpoint, potentially leading to remote code execution. Attackers ca...
Jul 22, 2025This stored XSS vulnerability in LibreNMS allows attackers to inject malicious scripts into the 'group name' parameter of the poller groups form. When...
May 17, 2025This stored XSS vulnerability in LibreNMS allows attackers to inject malicious scripts into device display parameters. When administrators view or edi...
Jan 16, 2025This stored cross-site scripting (XSS) vulnerability in LibreNMS allows attackers to inject malicious scripts through the state parameter in ajax_form...
Jan 16, 2025A stored cross-site scripting (XSS) vulnerability in LibreNMS allows attackers to inject malicious scripts into the Display Name parameter in Device S...
Dec 5, 2024This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript into the Services tab description field. When othe...
Nov 15, 2024This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript into the Port Settings page via the 'descr' parame...
Nov 15, 2024This is a reflected cross-site scripting (XSS) vulnerability in LibreNMS that allows attackers to inject malicious JavaScript via the 'metric' paramet...
Nov 15, 2024This is a stored cross-site scripting (XSS) vulnerability in LibreNMS where administrators can inject malicious JavaScript into device display names. ...
Nov 15, 2024This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript through the device hostname parameter. When victim...
Nov 15, 2024A reflected Cross-Site Scripting (XSS) vulnerability in LibreNMS allows attackers to inject malicious JavaScript via the 'section' parameter in device...
Nov 15, 2024This is a stored cross-site scripting (XSS) vulnerability in LibreNMS where administrators can inject malicious JavaScript into device notes. When the...
Nov 15, 2024This is a stored cross-site scripting (XSS) vulnerability in LibreNMS where administrators can inject malicious JavaScript into Device Group names. Wh...
Oct 1, 2024This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript through device names in the Device Dependencies fe...
Oct 1, 2024This SQL injection vulnerability in LibreNMS allows attackers to manipulate database queries through the 'order' parameter, potentially extracting ent...
Apr 22, 2024This SQL injection vulnerability in LibreNMS allows authenticated users with global read privileges to execute arbitrary SQL commands via the package ...
Apr 22, 2024CVE-2022-29712 allows remote attackers to execute arbitrary commands on LibreNMS servers through command injection vulnerabilities in service_ip, host...
Jun 2, 2022CVE-2022-0580 is an incorrect authorization vulnerability in LibreNMS that allows authenticated users to access unauthorized functionality. This affec...
Feb 14, 2022Why Monitor Librenms Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 26+ known vulnerabilities affecting Librenms products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Librenms packages in under 60 seconds. No agents required - completely agentless scanning that works across Librenms deployments.
Free vulnerability database: Access detailed information about every Librenms CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Librenms CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
