Vulnerabilities in navidrome
9 results

CVE-2024-47062 | CRITICAL | Multiple SQL Injections and ORM Leak in navidrome | EPSS 4.5%
CVE-2025-27112 | MEDIUM | Navidrome has authentication bypass in Subsonic API with non-existent username | EPSS 0.9%
CVE-2023-51442 | HIGH | Authentication bypass vulnerability in navidrome's subsonic endpoint | EPSS 0.7%
CVE-2026-25579 | CRITICAL | Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints | EPSS 0.5%
CVE-2025-48949 | HIGH | Navidrome allows SQL Injection via role parameter | EPSS 0.4%
CVE-2024-32963 | MEDIUM | Parameter Tampering vulnerability in Navidrome | EPSS 0.4%
CVE-2025-48948 | HIGH | Navidrome Transcoding Permission Bypass Vulnerability Report | EPSS 0.4%
CVE-2026-25578 | MEDIUM | Navidrome is vulnerable to XSS via comment from song metadata | EPSS 0.3%
CVE-2024-56362 | HIGH | Navidrome Stores JWT Secret in Plaintext in navidrome.db | EPSS 0.1%