Vulnerabilities > Open EMR > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-31 CVE-2025-31117 Unspecified vulnerability in Open-Emr Openemr
OpenEMR is a free and open source electronic health records and medical practice management application.
network
low complexity
open-emr
7.5
7.5
2025-03-25 CVE-2025-29789 Relative Path Traversal vulnerability in Open-Emr Openemr
OpenEMR is a free and open source electronic health records and medical practice management application.
network
low complexity
open-emr CWE-23
7.5
7.5
2023-05-28 CVE-2023-2950 Unspecified vulnerability in Open-Emr Openemr
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr
8.1
8.1
2023-05-27 CVE-2023-2946 Unspecified vulnerability in Open-Emr Openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr
8.1
8.1
2023-05-27 CVE-2023-2942 Unspecified vulnerability in Open-Emr Openemr
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr
8.1
8.1
2023-05-27 CVE-2023-2943 Unspecified vulnerability in Open-Emr Openemr
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr
8.8
8.8
2023-02-22 CVE-2023-22973 Path Traversal vulnerability in Open-Emr Openemr
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
network
low complexity
open-emr CWE-22
8.8
8.8
2023-02-22 CVE-2023-22974 Files or Directories Accessible to External Parties vulnerability in Open-Emr Openemr
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
network
low complexity
open-emr CWE-552
7.5
7.5
2022-12-17 CVE-2022-4567 Unspecified vulnerability in Open-Emr Openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
network
low complexity
open-emr
8.1
8.1
2022-12-15 CVE-2022-4504 Unspecified vulnerability in Open-Emr Openemr
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
network
low complexity
open-emr
7.5
7.5