pkg:Go/github.com/navidrome/navidrome

22 total CVEs: HIGH 6, MEDIUM 6

All known vulnerabilities

  • HIGH 8.8 CVE-2024-47062 Navidrome has Multiple SQL Injections and ORM Leak in github.com/navidrome/navidrome
    from 0, < 0.53.0
  • HIGH 8.8 CVE-2024-47062 Navidrome has Multiple SQL Injections and ORM Leak in github.com/navidrome/navidrome
    from 0, < 0.53.0
  • HIGH 8.6 CVE-2023-51442 Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome
    from 0, < 0.50.2
  • HIGH 8.6 CVE-2023-51442 Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome
    from 0, < 0.50.2
  • HIGH 7.1 CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome
    from 0, < 0.54.1
  • HIGH 7.1 CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome
    from 0, < 0.54.1
  • MEDIUM 6.5 CVE-2024-41259 Navidrome uses MD5 hashing algorithm in github.com/navidrome/navidrome
    from 0
  • MEDIUM 6.5 CVE-2024-41259 Navidrome uses MD5 hashing algorithm in github.com/navidrome/navidrome
    from 0, <= 0.52.3
  • MEDIUM 6.1 CVE-2026-25578 Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome
    from 0, < 0.60.0
  • MEDIUM 6.1 CVE-2026-25578 Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome
    from 0, < 0.60.0
  • MEDIUM 4.2 CVE-2024-32963 Navidrome Parameter Tampering vulnerability in github.com/navidrome/navidrome
    from 0, < 0.52.0
  • MEDIUM 4.2 CVE-2024-32963 Navidrome Parameter Tampering vulnerability in github.com/navidrome/navidrome
    from 0, < 0.52.0
  • CVE-2026-25579 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints in github.com/navidrome/navidrome
    from 0, < 0.60.0
  • CVE-2026-25579 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints in github.com/navidrome/navidrome
    from 0, < 0.60.0
  • CVE-2025-48948 Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome
    from 0, < 0.56.0
  • CVE-2025-48948 Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome
    from 0, < 0.56.0
  • CVE-2025-48949 Navidrome allows SQL Injection via role parameter in github.com/navidrome/navidrome
    >= 0.55.0, < 0.56.0
  • CVE-2025-48949 Navidrome allows SQL Injection via role parameter in github.com/navidrome/navidrome
    >= 0.55.0, < 0.56.0
  • CVE-2025-27112 Navidrome allows an authentication bypass in Subsonic API with non-existent username in github.com/navidrome/navidrome
    >= 0.52.0, < 0.54.5
  • CVE-2025-27112 Navidrome allows an authentication bypass in Subsonic API with non-existent username in github.com/navidrome/navidrome
    >= 0.52.0, < 0.54.5
  • CVE-2022-23857 SQL injection in github.com/navidrome/navidrome
    from 0, < 0.47.5
  • CVE-2022-23857 SQL injection in github.com/navidrome/navidrome
    from 0, < 0.47.5