VYPR

Jellystat

by CyferShepard

Source repositories

CVEs (2)

  • CVE-2026-41167 | Critical | Apr 22, 2026
    risk 0.52 | cvss 9.1 | epss 0.01

    Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via…

  • CVE-2025-24960 | High | Feb 3, 2025
    risk 0.50 | cvss 8.7 | epss 0.00

    Jellystat is a free and open source Statistics App for Jellyfin. In affected versions, Jellystat uses user input directly in the route(s). This can lead to path traversal vulnerabilities. Since this functionality is available only to admin(s), there is very little scope for abuse.…