Audiobookshelf
by Advplyr
Source repositories
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42888 | Advplyr / Audiobookshelf | Med | 0.45 | — | 0.00 | | May 11, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library… |
| CVE-2026-42883 | Advplyr / Audiobookshelf | Med | 0.42 | 6.5 | 0.00 | | May 11, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs… |
| CVE-2026-42886 | Advplyr / Audiobookshelf | Med | 0.32 | 4.9 | 0.00 | | May 11, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData(), with no limit on the decompressed size. The… |
| CVE-2026-42885 | Advplyr / Audiobookshelf | Med | 0.28 | 4.3 | 0.00 | | May 11, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a… |
| CVE-2026-42884 | Advplyr / Audiobookshelf | Med | 0.28 | 4.3 | 0.00 | | May 11, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An… |
| CVE-2026-42887 | Advplyr / Audiobookshelf | Med | 0.22 | 4.5 | 0.00 | | May 11, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with… |
| CVE-2026-27974 | Advplyr / Audiobookshelf | | 0.00 | — | 0.00 | | Feb 26, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with… |
| CVE-2026-27963 | Advplyr / Audiobookshelf | | 0.00 | — | 0.00 | | Feb 26, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with… |
| CVE-2026-27973 | Advplyr / Audiobookshelf | | 0.00 | — | 0.00 | | Feb 26, 2026 | Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata.… |
| CVE-2025-57800 | Advplyr / Audiobookshelf | | 0.00 | — | 0.00 | | Aug 22, 2025 | Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary… |
| CVE-2025-46338 | Advplyr / Audiobookshelf | | 0.00 | — | 0.00 | | Apr 29, 2025 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the… |
| CVE-2025-25205 | Advplyr / Audiobookshelf | | 0.00 | — | 0.04 | | Feb 12, 2025 | Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs… |
| CVE-2024-43797 | Advplyr / Audiobookshelf | | 0.00 | — | 0.01 | | Sep 2, 2024 | Audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or may access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue.… |
| CVE-2024-35236 | Advplyr / Audiobookshelf | | 0.00 | — | 0.01 | | May 27, 2024 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote… |
| CVE-2023-51665 | Advplyr / Audiobookshelf | | 0.00 | — | 0.00 | | Dec 27, 2023 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for… |
| CVE-2023-51697 | Advplyr / Audiobookshelf | | 0.00 | — | 0.00 | | Dec 27, 2023 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known… |
| CVE-2023-47624 | Advplyr / Audiobookshelf | | 0.00 | — | 0.01 | | Dec 13, 2023 | Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information… |
| CVE-2023-47619 | Advplyr / Audiobookshelf | | 0.00 | — | 0.01 | | Dec 13, 2023 | Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information… |