pkg:Go/github.com/navidrome/navidrome

All known vulnerabilities

• HIGH8.8CVE-2024-47062Navidrome has Multiple SQL Injections and ORM Leak in github.com/navidrome/navidrome
  from 0, < 0.53.0
• HIGH8.8CVE-2024-47062Navidrome has Multiple SQL Injections and ORM Leak in github.com/navidrome/navidrome
  from 0, < 0.53.0
• HIGH8.6CVE-2023-51442Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome
  from 0, < 0.50.2
• HIGH8.6Authentication bypass vulnerability in navidrome's subsonic endpoint in github.com/navidrome/navidrome
  from 0, < 0.50.2
• HIGH7.1Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome
  from 0, < 0.54.1
• HIGH7.1Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome
  from 0, < 0.54.1
• MEDIUM6.5Navidrome uses MD5 hashing algorithm in github.com/navidrome/navidrome
  from 0
• MEDIUM6.5Navidrome uses MD5 hashing algorithm in github.com/navidrome/navidrome
  from 0, <= 0.52.3
• MEDIUM6.1Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome
  from 0, < 0.60.0
• MEDIUM6.1Navidrome has XSS via comment from song metadata in github.com/navidrome/navidrome
  from 0, < 0.60.0
• MEDIUM4.2Navidrome Parameter Tampering vulnerability in github.com/navidrome/navidrome
  from 0, < 0.52.0
• MEDIUM4.2Navidrome Parameter Tampering vulnerability in github.com/navidrome/navidrome
  from 0, < 0.52.0
• —Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints in github.com/navidrome/navidrome
  from 0, < 0.60.0
• —Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints in github.com/navidrome/navidrome
  from 0, < 0.60.0
• —Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome
  from 0, < 0.56.0
• —Navidrome Transcoding Permission Bypass Vulnerability Report in github.com/navidrome/navidrome
  from 0, < 0.56.0
• —Navidrome allows SQL Injection via role parameter in github.com/navidrome/navidrome
  >= 0.55.0, < 0.56.0
• —Navidrome allows SQL Injection via role parameter in github.com/navidrome/navidrome
  >= 0.55.0, < 0.56.0
• —Navidrome allows an authentication bypass in Subsonic API with non-existent username in github.com/navidrome/navidrome
  >= 0.52.0, < 0.54.5
• —Navidrome allows an authentication bypass in Subsonic API with non-existent username in github.com/navidrome/navidrome
  >= 0.52.0, < 0.54.5
• —SQL injection in github.com/navidrome/navidrome
  from 0, < 0.47.5
• —SQL injection in github.com/navidrome/navidrome
  from 0, < 0.47.5