VYPR

Openmrs Core

by Openmrs

Source repositories

CVEs (5)

  • CVE-2026-41258CriMay 15, 2026
    risk 0.52cvss 9.1epss 0.00

    OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox…

  • CVE-2026-40076HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.01

    OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attack. During automatic…

  • CVE-2026-40075HigMay 5, 2026
    risk 0.42cvss 7.5epss 0.01

    OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a…

  • CVE-2018-19276Mar 17, 2019
    risk 0.10cvss epss 0.99

    OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.

  • CVE-2022-23612Feb 22, 2022
    risk 0.00cvss epss 0.02

    OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` &…