pkg:Go/github.com/navidrome/navidrome

共 22 筆 CVEHIGH6MEDIUM6

✅ 檢查你的版本

所有已知漏洞

  • HIGH8.8CVE-2024-47062Navidrome has Multiple SQL Injections and ORM Leak in github.com/navidrome/navidrome
    from 0, < 0.53.0
  • HIGH8.8CVE-2024-47062Navidrome has Multiple SQL Injections and ORM Leak in github.com/navidrome/navidrome
    from 0, < 0.53.0
  • HIGH8.6CVE-2023-51442Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome
    from 0, < 0.50.2
  • HIGH8.6CVE-2023-51442Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome
    from 0, < 0.50.2
  • HIGH7.1CVE-2024-56362Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome
    from 0, < 0.54.1
  • HIGH7.1CVE-2024-56362Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome
    from 0, < 0.54.1
  • MEDIUM6.5CVE-2024-41259Navidrome uses MD5 hashing algorithm in github.com/navidrome/navidrome
    from 0
  • MEDIUM6.5CVE-2024-41259Navidrome uses MD5 hashing algorithm in github.com/navidrome/navidrome
    from 0, <= 0.52.3
  • MEDIUM6.1CVE-2026-25578Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome
    from 0, < 0.60.0
  • MEDIUM6.1CVE-2026-25578Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome
    from 0, < 0.60.0
  • MEDIUM4.2CVE-2024-32963Navidrome Parameter Tampering vulnerability in github.com/navidrome/navidrome
    from 0, < 0.52.0
  • MEDIUM4.2CVE-2024-32963Navidrome Parameter Tampering vulnerability in github.com/navidrome/navidrome
    from 0, < 0.52.0
  • CVE-2026-25579Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints in github.com/navidrome/navidrome
    from 0, < 0.60.0
  • CVE-2026-25579Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints in github.com/navidrome/navidrome
    from 0, < 0.60.0
  • CVE-2025-48948Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome
    from 0, < 0.56.0
  • CVE-2025-48948Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome
    from 0, < 0.56.0
  • CVE-2025-48949Navidrome allows SQL Injection via role parameter in github.com/navidrome/navidrome
    >= 0.55.0, < 0.56.0
  • CVE-2025-48949Navidrome allows SQL Injection via role parameter in github.com/navidrome/navidrome
    >= 0.55.0, < 0.56.0
  • CVE-2025-27112Navidrome allows an authentication bypass in Subsonic API with non-existent username in github.com/navidrome/navidrome
    >= 0.52.0, < 0.54.5
  • CVE-2025-27112Navidrome allows an authentication bypass in Subsonic API with non-existent username in github.com/navidrome/navidrome
    >= 0.52.0, < 0.54.5
  • CVE-2022-23857SQL injection in github.com/navidrome/navidrome
    from 0, < 0.47.5
  • CVE-2022-23857SQL injection in github.com/navidrome/navidrome
    from 0, < 0.47.5