OpenEMR — Vulnerabilities & Security Advisories 99

All 99 CVE vulnerabilities found in OpenEMR, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-25131 | OpenEMR has Broken Access Control in Procedures Configuration | CWE-862 | 8.8 | High | 2026-02-25 |
| CVE-2026-25127 | OpenEMR has Broken Access Control on Care Coordination Module | CWE-863 | 3.5 | - | 2026-02-25 |
| CVE-2026-25124 | OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export | CWE-862 | 6.5 | Medium | 2026-02-25 |
| CVE-2026-24896 | OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs | CWE-284 | 6.5 | Medium | 2026-02-25 |
| CVE-2026-24849 | OpenEMR Arbitrary File Read Vulnerability | CWE-22 | 10.0 | Critical | 2026-02-25 |
| CVE-2026-24847 | OpenEMR has Open Redirect in Eye Exam Form | CWE-601 | 6.1 | Medium | 2026-02-25 |
| CVE-2026-21443 | OpenEMR allows inconsistent escaping of translation function output | CWE-116 | 6.1 | - | 2026-02-25 |
| CVE-2025-69231 | OpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege Escalation | CWE-79 | 8.7 | High | 2026-02-25 |
| CVE-2025-68277 | OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal | CWE-451 | 6.1 | - | 2026-02-25 |
| CVE-2025-67752 | OpenEMR Has Disabled SSL Certificate Verification in HTTP Client | CWE-295 | 8.1 | High | 2026-02-25 |
| CVE-2025-67491 | OpenEMR has Stored XSS in ub04 helper | CWE-79 | 5.4 | - | 2026-02-25 |
| CVE-2025-67645 | OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint | CWE-284 | 8.8 | High | 2026-01-27 |
| CVE-2025-54373 | OpenEMR may expose Contents of Clinical Notes and Care Plan to users who do not have Sensitivities=high privilege | CWE-200 | 5.4 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2021-47817 | OpenEMR 5.0.2.1 - Remote Code Execution | CWE-79 | 5.4 | Medium | 2026-01-21 |
| CVE-2013-10044 | OpenEMR ≤ 4.1.1 SQL Injection Privilege Escalation and RCE | CWE-89 | 9.9 | - | 2025-08-01 |
| CVE-2025-43860 | OpenEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics | CWE-79 | 7.6 | High | 2025-05-23 |
| CVE-2025-32967 | OpenEMR doesn't log password administration properly | CWE-778 | 5.4 | Medium | 2025-05-23 |
| CVE-2025-32794 | OpenEMR Stored XSS via Patient Name Field in Procedure Orders | CWE-79 | 7.6 | High | 2025-05-23 |
| CVE-2025-31121 | OpenEMR allows XSS in Patient Image feature | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-04-01 |
| CVE-2025-31117 | OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability | CWE-918 | 7.5 | - | 2025-03-31 |
| CVE-2025-30161 | OpenEMR Stored XSS in OpenEMR Bronchitis Form | CWE-80 | 5.4 | - | 2025-03-31 |
| CVE-2025-30149 | OpenEMR Reflected XSS in AJAX Script | CWE-79 | 6.4 | Medium | 2025-03-31 |
| CVE-2025-29772 | OpenEMR allows Reflected XSS in CAMOS new.php | CWE-79 | 6.1 | - | 2025-03-31 |
| CVE-2025-29789 | OpenEMR Has Directory Traversal in Load Code feature | CWE-23 | 6.5 (AI) | Medium (AI) | 2025-03-25 |
| CVE-2020-13567 | phpGACL SQL injection vulnerability | CWE-89 | 9.8 | - | 2022-04-18 |
| CVE-2021-25923 | OpenEMR security vulnerability | | 8.1 | - | 2021-06-24 |
| CVE-2021-25922 | OpenEMR cross-site scripting vulnerability | | 6.1 | - | 2021-03-22 |
| CVE-2021-25917 | OpenEMR cross-site scripting vulnerability | | 4.8 | - | 2021-03-22 |
| CVE-2021-25918 | OpenEMR cross-site scripting vulnerability | | 4.8 | - | 2021-03-22 |
| CVE-2021-25920 | OpenEMR security vulnerability | | 6.5 | - | 2021-03-22 |
