Koha-Community/Koha

GitHub

github.com

koha-community.org

Releases708

Frequency1 week 5 days

Last Release 9 days ago

Stars565

Koha is a free software integrated library system (ILS). Koha is distributed under the GNU GPL version 3 or later. ***Note: this is a synced mirror of the official Koha repo. Note: This project uses its own bug tracker, see https://bugs.koha-community.org/ to report a bug or submit a patch.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-26378 ↗	Jun 3, 2026Wednesday, 3 June 2026, 19:16	5.4 MEDIUM	—
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features
CVE-2026-26379 ↗	Jun 3, 2026Wednesday, 3 June 2026, 19:16	6.5 MEDIUM	—
Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times.
CVE-2026-26377 ↗	Mar 5, 2026Thursday, 5 March 2026, 16:16	5.4 MEDIUM	—
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.