Place to record and track OpenEMR security alerts and their fixes:

• Arbitrary Database Creation/Database Enumeration - OpenEMR 4.0.0 (FIX included in 4.0.0 patch released on 4/15/2011)
• Local File Inclusion - OpenEMR 4.0.0 (FIX included in 4.0.0 patch released on 4/15/2011)
• Reflected Cross-site Scripting - OpenEMR 4.0.0
• Security exploit: (Multiple cross-site scripting)

• http://packetstormsecurity.org/files/103810
• (waiting for a developer to fix)

• Security exploit: (One sql-injection)

• http://www.exploit-db.com/exploits/17998
• (waiting for a developer to fix)

• Security exploit: (Multiple sql-injection)

• http://secunia.com/advisories/46560/
• (waiting for a developer to fix)