OpenEMR — Vulnerabilities & Security Advisories 120

Browse all 120 CVE security advisories affecting OpenEMR. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by OpenEMR: OpenEMR, openemr/openemr
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25131 | OpenEMR has Broken Access Control in Procedures Configuration | openemr | CWE-862 | 8.8 | High | 2026-02-25 |
| CVE-2026-25127 | OpenEMR has Broken Access Control on Care Coordination Module | openemr | CWE-863 | 3.5 | - | 2026-02-25 |
| CVE-2026-25124 | OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export | openemr | CWE-862 | 6.5 | Medium | 2026-02-25 |
| CVE-2026-24896 | OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs | openemr | CWE-284 | 6.5 | Medium | 2026-02-25 |
| CVE-2026-24849 | OpenEMR Arbitrary File Read Vulnerability | openemr | CWE-22 | 10.0 | Critical | 2026-02-25 |
| CVE-2026-24847 | OpenEMR has Open Redirect in Eye Exam Form | openemr | CWE-601 | 6.1 | Medium | 2026-02-25 |
| CVE-2026-21443 | OpenEMR allows inconsistent escaping of translation function output | openemr | CWE-116 | 6.1 | - | 2026-02-25 |
| CVE-2025-69231 | OpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege Escalation | openemr | CWE-79 | 8.7 | High | 2026-02-25 |
| CVE-2025-68277 | OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal | openemr | CWE-451 | 6.1 | - | 2026-02-25 |
| CVE-2025-67752 | OpenEMR Has Disabled SSL Certificate Verification in HTTP Client | openemr | CWE-295 | 8.1 | High | 2026-02-25 |
| CVE-2025-67491 | OpenEMR has Stored XSS in ub04 helper | openemr | CWE-79 | 5.4 | - | 2026-02-25 |
| CVE-2025-67645 | OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint | openemr | CWE-284 | 8.8 | High | 2026-01-27 |
| CVE-2025-54373 | OpenEMR may expose Contents of Clinical Notes and Care Plan to users who do not have Sensitivities=high privilege | openemr | CWE-200 | 5.4 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2025-43860 | OpenEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics | openemr | CWE-79 | 7.6 | High | 2025-05-23 |
| CVE-2025-32967 | OpenEMR doesn't log password administration properly | openemr | CWE-778 | 5.4 | Medium | 2025-05-23 |
| CVE-2025-32794 | OpenEMR Stored XSS via Patient Name Field in Procedure Orders | openemr | CWE-79 | 7.6 | High | 2025-05-23 |
| CVE-2025-31121 | OpenEMR allows XSS in Patient Image feature | openemr | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-04-01 |
| CVE-2025-31117 | OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability | openemr | CWE-918 | 7.5 | - | 2025-03-31 |
| CVE-2025-30161 | OpenEMR Stored XSS in OpenEMR Bronchitis Form | openemr | CWE-80 | 5.4 | - | 2025-03-31 |
| CVE-2025-30149 | OpenEMR Reflected XSS in AJAX Script | openemr | CWE-79 | 6.4 | Medium | 2025-03-31 |
| CVE-2025-29772 | OpenEMR allows Reflected XSS in CAMOS new.php | openemr | CWE-79 | 6.1 | - | 2025-03-31 |
| CVE-2025-29789 | OpenEMR Has Directory Traversal in Load Code feature | openemr | CWE-23 | 6.5 (AI) | Medium (AI) | 2025-03-25 |
| CVE-2024-0875 | Stored XSS in openemr/openemr | openemr/openemr | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2023-2950 | Improper Authorization in openemr/openemr | openemr/openemr | CWE-285 | 7.1 | - | 2023-05-28 |
| CVE-2023-2949 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | openemr/openemr | CWE-79 | 6.1 | - | 2023-05-28 |
| CVE-2023-2948 | Cross-site Scripting (XSS) - Generic in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2023-05-28 |
| CVE-2023-2947 | Cross-site Scripting (XSS) - Stored in openemr/openemr | openemr/openemr | CWE-79 | 5.4 | - | 2023-05-27 |
| CVE-2023-2946 | Improper Access Control in openemr/openemr | openemr/openemr | CWE-284 | 5.4 | - | 2023-05-27 |
| CVE-2023-2945 | Missing Authorization in openemr/openemr | openemr/openemr | CWE-862 | 6.5 | - | 2023-05-27 |
| CVE-2023-2944 | Improper Access Control in openemr/openemr | openemr/openemr | CWE-284 | 5.4 | - | 2023-05-27 |

This page lists every published CVE security advisory associated with OpenEMR. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.