Product
navidrome
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-25579
CVE-2026-25578
CVE-2025-48949
CVE-2025-48948
CVE-2025-27112
CVE-2024-56362
CVE-2024-47062
CVE-2024-41259
CVE-2024-32963
CVE-2023-51442
CVE-2022-23857
< 0.60.0
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash
< 0.60.0
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulner
>= 0.55.0 and < 0.56.0
Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability du
< 0.56.0
Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.
>= 0.52.0 and < 0.54.5
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5
< 0.54.1
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the na
< 0.53.0
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to
<= 0.52.3
Use of an insecure hashing algorithm in the Gravatar service in Navidrome v0.52.3 allows attackers to manipulate a user's account i
< 0.52.0
Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a par
< 0.50.2
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidr
< 0.47.5
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlis