OpenEMR (open-emr/openemr) vulnerabilities
216 known vulnerabilities affecting open-emr/openemr.

Total CVEs: 216
CISA KEV: 0
Public exploits: 20
Exploited in the wild: 0
Severity breakdown: CRITICAL 14, HIGH 80, MEDIUM 120, LOW 2

Vulnerabilities (page 5 of 11)
CVE-2026-32126 | P3 | HIGH | CVSS 8.1 | fixed in 8.0.0.1 | 2026-03-11
CWE-862 (Missing Authorization)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route() causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorization (review, log), while leaving all other CDR controll
Source: nvd
CVE-2023-2947 | P4 | MEDIUM | CVSS 4.8 | fixed in 7.0.1 | 2023-05-27
CWE-79 (Cross-site Scripting)
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
Source: nvd
CVE-2021-41843 | P3 | MEDIUM | CVSS 6.5 | affected: v6.0.0 | 2021-12-17
CWE-89 (SQL Injection)
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI.
Source: nvd
CVE-2022-1178 | P3 | MEDIUM | CVSS 5.4 | fixed in 6.0.0.4 | 2022-03-30
CWE-79 (Cross-site Scripting)
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
Source: nvd
CVE-2022-1181 | P3 | MEDIUM | CVSS 5.4 | fixed in 6.0.0.2 | 2022-03-30
CWE-79 (Cross-site Scripting)
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
Source: nvd
CVE-2022-25471 | P3 | HIGH | CVSS 8.1 | affected: v6.0.0 | 2022-03-03
CWE-639 (Authorization Bypass Through User-Controlled Key)
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
Source: nvd
CVE-2018-17181 | P3 | CRITICAL | CVSS 9.8 | fixed in 5.0.1.7 | 2019-05-17
CWE-89 (SQL Injection)
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Source: nvd
CVE-2026-25476 | P3 | HIGH | CVSS 7.5 | fixed in 8.0.0 | 2026-02-25
CWE-613 (Insufficient Session Expiration)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `skip_timeout_reset` is not present in the request. When `skip_timeout_reset=1` is sent, the entire block that calls `SessionTracker::isSessionExpired()`
Source: nvd
CVE-2026-25928 | P3 | MEDIUM | CVSS 6.5 | fixed in 8.0.0.2 | 2026-03-19
CWE-22 (Path Traversal)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences (e.g. `../`). An attacker with DICOM upload/export permission can write files
Source: nvd
CVE-2026-24908 | P3 | MEDIUM | CVSS 6.5 | fixed in 8.0.0 | 2026-02-25
CWE-89 (SQL Injection)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the `_sort` parameter. This could potentially lead to database access, PHI
Source: nvd
CVE-2026-33914 | P3 | HIGH | CVSS 7.2 | fixed in 8.0.0.3 | 2026-03-26
CWE-89 (SQL Injection)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the `categoriesUpdate` administrative function. The `dels` POST parameter is read via `pnVarCleanFromInput()`, which only strips HTML tags and performs
Source: nvd
CVE-2021-25919 | P3 | MEDIUM | CVSS 4.8 | affected: ≥ 5.0.2, ≤ 6.0.0 (v5.0.2, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.2.4, 6.0.0) | 2021-03-22
CWE-79 (Cross-site Scripting)
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Source: nvd
CVE-2021-25923 | P3 | HIGH | CVSS 8.1 | affected: ≥ 5.0.0, ≤ 6.0.0.1 (v5.0.0, v5.0.0.5, v5.0.0.6, v5.0.1, v5.0.1.1, v5.0.1.2, v5.0.1.3, v5.0.1.4, v5.0.1.5, v5.0.1.6, v5.0.1.7, v5.0.2, v5.0.2.1, v5.0.2.2, v5.0.2.3, v5.0.2.4, v6.0.0, v6.0.0.1) | 2021-06-24
CWE-521 (Weak Password Requirements)
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements, as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user's password, they can leverage this for an account takeover.
Source: nvd
CVE-2022-2493 | P3 | HIGH | CVSS 8.1 | fixed in 7.0.0 | 2022-07-22
CWE-1083 (Data Access from Outside Expected Data Manager Component)
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
Source: nvd
CVE-2020-29142 | P3 | HIGH | CVSS 7.2 | fixed in 5.0.2.5 | 2021-02-15
CWE-89 (SQL Injection)
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
Source: nvd
CVE-2020-29139 | P3 | HIGH | CVSS 7.2 | fixed in 5.0.2.5 | 2021-02-15
CWE-89 (SQL Injection)
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.
Source: nvd
CVE-2020-29143 | P3 | HIGH | CVSS 7.2 | fixed in 5.0.2.5 | 2021-02-15
CWE-89 (SQL Injection)
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
Source: nvd
CVE-2020-29140 | P3 | HIGH | CVSS 7.2 | fixed in 5.0.2.5 | 2021-02-15
CWE-89 (SQL Injection)
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
Source: nvd
CVE-2025-31117 | P3 | HIGH | CVSS 7.5 | fixed in 7.0.3.1 | 2025-03-31
CWE-918 (Server-Side Request Forgery)
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. This attack does not return a direct response b
Source: nvd
CVE-2026-33346 | P3 | HIGH | CVSS 8.7 | fixed in 8.0.0.2 | 2026-03-19
CWE-79 (Cross-site Scripting)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser of a staff member who reviews the payment submission. Th
Source: nvd