github.com/navidrome/navidrome
Go · 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/navidrome/navidrome
- CVE-2022-23857 | MEDIUM | CVSS 6.5 | EG 6.5 | Fixed in 0.47.5 | 2022-01-24
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user ta…
- CVE-2023-51442 | HIGH | CVSS 8.6 | EG 8.6 | Fixed in 0.50.2 | 2023-12-21
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any …
- CVE-2024-32963 | MEDIUM | CVSS 4.2 | EG 4.2 | Fixed in 0.52.0 | 2024-05-01
Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP r…
- CVE-2024-41259 | CRITICAL | CVSS 9.1 | EG 6.5 | No fixed version listed | 2024-08-01
Use of an insecure hashing algorithm in the Gravatar service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.
- CVE-2024-47062 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 0.53.0 | 2024-09-20
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL …
- CVE-2024-56362 | HIGH | CVSS 7.1 | EG 7.1 | Fixed in 0.54.1 | 2024-12-23
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone wi…