GLPI vulnerabilities: known CVEs & security history
GLPI Project · IT service management · 189 tracked CVEs · 1 actively exploited · updated June 2026
This is the full list of known vulnerabilities (CVEs) across all GLPI release lines — 189 in total, with 1 actively exploited in the wild. A CVE here doesn't mean your version is affected — check GLPI's current status and the safe version to run.
Known GLPI CVEs
Actively-exploited and most-severe first. Showing the top 80 of 189. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2022-35914 (exploited) | critical | 9.8 | 100% | 2022 |
| CVE-2023-42802 | critical | 10 | 1% | 2023 |
| CVE-2023-28849 | critical | 10 | 0% | 2023 |
| CVE-2022-35947 | critical | 10 | 1% | 2022 |
| CVE-2025-21619 | critical | 9.8 | 0% | 2025 |
| CVE-2022-31061 | critical | 9.8 | 51% | 2022 |
| CVE-2022-31056 | critical | 9.8 | 7% | 2022 |
| CVE-2021-44617 | critical | 9.8 | 2% | 2022 |
| CVE-2017-11184 | critical | 9.8 | 2% | 2017 |
| CVE-2017-11474 | critical | 9.8 | 1% | 2017 |
| CVE-2017-11329 | critical | 9.8 | 1% | 2017 |
| CVE-2023-28838 | critical | 9.6 | 1% | 2023 |
| CVE-2026-26026 | critical | 9.1 | 0% | 2026 |
| CVE-2015-7684 | high | 9 | 4% | 2015 |
| CVE-2024-47760 | high | 8.8 | 0% | 2024 |
| CVE-2024-47758 | high | 8.8 | 0% | 2024 |
| CVE-2024-27756 | high | 8.8 | 1% | 2024 |
| CVE-2023-28634 | high | 8.8 | 1% | 2023 |
| CVE-2021-39209 | high | 8.8 | 1% | 2021 |
| CVE-2019-14666 | high | 8.8 | 2% | 2019 |
| CVE-2018-13049 | high | 8.8 | 1% | 2018 |
| CVE-2017-11475 | high | 8.8 | 1% | 2017 |
| CVE-2020-15176 | high | 8.7 | 1% | 2020 |
| CVE-2023-46727 | high | 8.6 | 67% | 2023 |
| CVE-2023-36808 | high | 8.6 | 45% | 2023 |
| CVE-2023-35924 | high | 8.6 | 49% | 2023 |
| CVE-2025-24801 | high | 8.5 | 16% | 2025 |
| CVE-2026-26263 | high | 8.1 | 0% | 2026 |
| CVE-2024-48912 | high | 8.1 | 0% | 2024 |
| CVE-2024-40638 | high | 8.1 | 37% | 2024 |
| CVE-2024-37148 | high | 8.1 | 20% | 2024 |
| CVE-2023-41326 | high | 8.1 | 31% | 2023 |
| CVE-2023-41324 | high | 8.1 | 1% | 2023 |
| CVE-2023-41320 | high | 8.1 | 32% | 2023 |
| CVE-2023-35939 | high | 8.1 | 0% | 2023 |
| CVE-2023-28632 | high | 8.1 | 1% | 2023 |
| CVE-2022-29250 | high | 8.1 | 1% | 2022 |
| CVE-2019-10233 | high | 8.1 | 1% | 2019 |
| CVE-2020-15177 | high | 8 | 1% | 2020 |
| CVE-2016-7507 | high | 8 | 0% | 2017 |
| CVE-2020-11031 | high | 7.8 | 0% | 2020 |
| CVE-2024-31456 | high | 7.7 | 63% | 2024 |
| CVE-2024-27096 | high | 7.7 | 63% | 2024 |
| CVE-2023-42462 | high | 7.7 | 1% | 2023 |
| CVE-2021-21326 | high | 7.7 | 1% | 2021 |
| CVE-2020-26212 | high | 7.7 | 1% | 2020 |
| CVE-2020-11036 | high | 7.6 | 1% | 2020 |
| CVE-2020-11032 | high | 7.6 | 1% | 2020 |
| CVE-2026-26027 | high | 7.5 | 0% | 2026 |
| CVE-2025-66417 | high | 7.5 | 0% | 2026 |
| CVE-2025-64516 | high | 7.5 | 0% | 2026 |
| CVE-2025-24799 | high | 7.5 | 86% | 2025 |
| CVE-2025-23046 | high | 7.5 | 0% | 2025 |
| CVE-2024-43416 | high | 7.5 | 1% | 2024 |
| CVE-2023-35940 | high | 7.5 | 1% | 2023 |
| CVE-2023-22500 | high | 7.5 | 1% | 2023 |
| CVE-2022-39371 | high | 7.5 | 0% | 2022 |
| CVE-2022-24867 | high | 7.5 | 1% | 2022 |
| CVE-2020-11035 | high | 7.5 | 1% | 2020 |
| CVE-2013-2227 | high | 7.5 | 13% | 2019 |
| CVE-2019-10477 | high | 7.5 | 2% | 2019 |
| CVE-2018-7562 | high | 7.5 | 2% | 2018 |
| CVE-2016-7508 | high | 7.5 | 2% | 2017 |
| CVE-2014-8360 | high | 7.5 | 3% | 2015 |
| CVE-2013-2226 | high | 7.5 | 3% | 2014 |
| CVE-2022-39323 | high | 7.4 | 34% | 2022 |
| CVE-2020-15175 | high | 7.4 | 71% | 2020 |
| CVE-2020-11060 | high | 7.4 | 11% | 2020 |
| CVE-2022-24868 | high | 7.3 | 1% | 2022 |
| CVE-2026-29047 | high | 7.2 | 0% | 2026 |
| CVE-2026-25932 | high | 7.2 | 0% | 2026 |
| CVE-2024-47761 | high | 7.2 | 0% | 2024 |
| CVE-2024-37149 | high | 7.2 | 21% | 2024 |
| CVE-2023-46726 | high | 7.2 | 1% | 2023 |
| CVE-2020-5248 | high | 7.2 | 1% | 2020 |
| CVE-2024-29889 | high | 7.1 | 65% | 2024 |
| CVE-2020-15108 | high | 7.1 | 1% | 2020 |
| CVE-2023-37278 | medium | 6.8 | 1% | 2023 |
| CVE-2023-22722 | medium | 6.8 | 1% | 2023 |
| CVE-2022-31187 | medium | 6.8 | 1% | 2022 |
109 older / lower-severity CVEs not shown — see GLPI's full record.
Is my GLPI version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
GLPI vulnerabilities — frequently asked
How many known vulnerabilities does GLPI have?
IsItPatched tracks 189 CVEs for GLPI, 1 of which is actively exploited (CISA KEV). 13 are critical-severity and 64 high-severity. These span every release line — what matters is whether the version you run is affected.
Does GLPI have any actively-exploited vulnerabilities?
Yes — 1 GLPI CVE is in CISA's Known Exploited Vulnerabilities catalog, meaning it is confirmed exploited in the wild. Patch it as a priority.
What is the most severe GLPI vulnerability?
Among tracked issues, CVE-2022-35914 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — an injection weakness.
Is GLPI safe to use?
It depends on the version. The latest supported GLPI release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Always verify against GLPI Project's advisories.