Security: advplyr/audiobookshelf
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
audiobookshelf_PathTraversal_01 Vulnerability Report: We discovered a Path Traversal vulnerability in the audiobookshelf project.GHSA-phch-9734-wrp3 published
May 3, 2026 by advplyrModerate -
Stored Cross-Site Scripting in Sessions allows a non-privileged user to gain admin permissions when an admin views the session pageGHSA-qr9h-3q76-7gj8 published
Apr 2, 2026 by advplyrHigh -
Stored Cross-Site Scripting in Login Page Custom MessageGHSA-cx29-ghq2-9cm4 published
Apr 28, 2026 by advplyrModerate -
Memory amplification DoS via oversized compressed details entry in backup uploadGHSA-4jq4-rvq8-j26h published
Apr 28, 2026 by advplyrModerate -
Path prefix bypass in filesystem existence check leaks out-of-scope file existenceGHSA-rhjg-p6cm-38w2 published
Apr 28, 2026 by advplyrModerate -
Collection endpoints bypass library access controls exposing restricted library dataGHSA-rxw2-h55w-ffmh published
Apr 28, 2026 by advplyrModerate -
Cross-library file exfiltration via unscoped bulk download endpointGHSA-6rvg-w3f5-9gq5 published
Apr 24, 2026 by advplyrModerate -
Stored XSS in ItemSearchCard.vue via Audiobook Metadata (Search Results on Mobile App)GHSA-2433-p93m-xhhg published
Feb 25, 2026 by advplyrModerate -
Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player)GHSA-8c9r-pvrj-vcf5 published
Feb 25, 2026 by advplyrModerate -
Stored XSS in Tooltip.vue via Audiobook MetadataGHSA-69cp-m725-wf78 published
Feb 14, 2026 by advplyrModerate
Learn more about advisories related to advplyr/audiobookshelf in the GitHub Advisory Database