Vulnerabilities > Jellyfin

DATE CVE VULNERABILITY TITLE RISK
2024-09-02 CVE-2024-43801 Unspecified vulnerability in Jellyfin
Jellyfin is an open source self hosted media server.
network
low complexity
jellyfin
5.4
2023-12-13 CVE-2023-48702 Unspecified vulnerability in Jellyfin
Jellyfin is a system for managing and streaming media.
network
low complexity
jellyfin
7.2
2023-12-06 CVE-2023-49096 Unspecified vulnerability in Jellyfin
Jellyfin is a Free Software Media System for managing and streaming media.
network
low complexity
jellyfin
8.8
2023-04-24 CVE-2023-30626 Unspecified vulnerability in Jellyfin
Jellyfin is a free-software media system.
network
low complexity
jellyfin
8.1
2023-04-24 CVE-2023-30627 Unspecified vulnerability in Jellyfin
jellyfin-web is the web client for Jellyfin, a free-software media system.
network
low complexity
jellyfin
5.4
2023-03-10 CVE-2023-27161 Server-Side Request Forgery (SSRF) vulnerability in Jellyfin
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories.
network
low complexity
jellyfin CWE-918
7.5
2023-02-03 CVE-2023-23635 Cross-site Scripting vulnerability in Jellyfin
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS.
network
low complexity
jellyfin CWE-79
5.4
2023-02-03 CVE-2023-23636 Cross-site Scripting vulnerability in Jellyfin
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS.
network
low complexity
jellyfin CWE-79
5.4
2022-08-19 CVE-2022-35909 Unspecified vulnerability in Jellyfin
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.
network
low complexity
jellyfin
8.8
2022-08-19 CVE-2022-35910 Cross-site Scripting vulnerability in Jellyfin
In Jellyfin before 10.8, stored XSS allows theft of an admin access token.
network
low complexity
jellyfin CWE-79
5.4