I think your website is quite secure.
But you overlooked the HTML Injection vulnerability (ID:WSTG-CLNT-03 of OWASP).
Proof of Concept
1 .Login with demo account
2 .Access the link https://demo.librenms.org/search/search=ipv4 and insert the payload
search=<b>test/b>
3 .Hit enter, html injection vulnerability detected
Proof of Concept
Video Poc
https://drive.google.com/file/d/1SKLGEsaeFXrWopBckrFcGRAG0N2RMoQA/view?usp=sharing