Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

jellyfin — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting jellyfin. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by jellyfin:jellyfinjellyfin-webcode-quality.yml
CVE IDTitleCVSSSeverityPublished
CVE-2026-35034 Jellyfin: Potential Application DoS from excessively large SyncPlay group names — jellyfinCWE-400 6.5 Medium2026-04-14
CVE-2026-35033 Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection — jellyfinCWE-88 7.5 -2026-04-14
CVE-2026-35032 Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner — jellyfinCWE-918 8.1 -2026-04-14
CVE-2026-35031 Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain — jellyfinCWE-20 10.0 Critical2026-04-14
CVE-2026-31852 Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation — code-quality.ymlCWE-269 10.0 Critical2026-03-11
CVE-2025-31499 Jellyfin Vulnerable to Argument Injection in FFmpeg — jellyfinCWE-88 8.8AIHighAI2025-04-15
CVE-2025-32012 Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing — jellyfinCWE-290 6.5AIMediumAI2025-04-15
CVE-2024-43801 Privilege escalation to admin from a low-privileged user via SVG upload in Jellyfin — jellyfinCWE-200 4.6 Medium2024-09-02
CVE-2023-48702 Jellyfin Possible Remote Code Execution via custom FFmpeg binary — jellyfinCWE-77 7.2 High2023-12-13
CVE-2023-49096 Argument Injection in FFmpeg codec parameters in Jellyfin — jellyfinCWE-88 7.7 High2023-12-06
CVE-2023-30627 jellyfin-web has a stored cross-site scripting vulnerability in devices.js — jellyfin-webCWE-79 9.1 Critical2023-04-24
CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution — jellyfinCWE-22 8.8 High2023-04-24
CVE-2021-29490 Unauthenticated GET requests through Remote Image endpoints — jellyfinCWE-918 5.8 Medium2021-05-05
CVE-2021-21402 Unauthenticated Arbitrary File Access in Jellyfin — jellyfinCWE-22 7.7 High2021-03-23

This page lists every published CVE security advisory associated with jellyfin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.