github.com/navidrome/navidrome vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-25579Criticalgithub.com/navidrome/navidrome: Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>`…CVE-2026-25578Mediumgithub.com/navidrome/navidrome: Navidrome has XSS via comment from song metadataCVE-2025-48948Highgithub.com/navidrome/navidrome: Navidrome Transcoding Permission Bypass Vulnerability ReportCVE-2025-48949Highgithub.com/navidrome/navidrome: Navidrome allows SQL Injection via role parameterCVE-2025-27112Mediumgithub.com/navidrome/navidrome: Navidrome allows an authentication bypass in Subsonic API with non-existent usernameCVE-2024-56362Highgithub.com/navidrome/navidrome: Navidrome Stores JWT Secret in Plaintext in navidrome.dbCVE-2024-47062Criticalgithub.com/navidrome/navidrome: Navidrome has Multiple SQL Injections and ORM LeakCVE-2024-41259Mediumgithub.com/navidrome/navidrome: Navidrome uses MD5 hashing algorithmCVE-2024-32963Mediumgithub.com/navidrome/navidrome: Navidrome Parameter Tampering vulnerabilityCVE-2023-51442Highgithub.com/navidrome/navidrome: Authentication bypass vulnerability in navidrome's subsonic endpointCVE-2022-23857Mediumgithub.com/navidrome/navidrome: SQL injection in github.com/navidrome/navidrome

Stop the waste.
Protect your environment with Kodem.