VYPR

apk package

wolfi/jellyfin

pkg:apk/wolfi/jellyfin

Vulnerabilities (2)

  • CVE-2026-31852Mar 11, 2026
    affected < 0fixed 0

    Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vul

  • CVE-2024-43801Sep 2, 2024
    affected < 10.9.10-r0fixed 10.9.10-r0

    Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious SVG file. When viewed by an admin outside of the Jellyfin Web UI (e.g. via "view