VYPR
Vendor: Audiobookshelf

Products: 1
CVEs: 9
Across products: 9
Status: Private


Recent CVEs (9)
  • CVE-2023-47619 | High | Dec 13, 2023
    risk 0.53 | cvss 8.1 | epss 0.01

    Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information…

  • CVE-2024-43797 | Medium | Sep 2, 2024
    risk 0.41 | cvss 6.3 | epss 0.01

    Audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue.…

  • CVE-2026-27974 | Feb 26, 2026
    risk 0.00 | cvss - | epss 0.00

    Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with…

  • CVE-2026-27963 | Feb 26, 2026
    risk 0.00 | cvss - | epss 0.00

    Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with…

  • CVE-2026-27973 | Feb 26, 2026
    risk 0.00 | cvss - | epss 0.00

    Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata.…

  • CVE-2025-57800 | Aug 22, 2025
    risk 0.00 | cvss - | epss 0.00

    Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary…

  • CVE-2024-35236 | Medium | May 27, 2024
    risk 0.00 | cvss 4.8 | epss 0.01

    Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote…

  • CVE-2023-51697 | Medium | Dec 27, 2023
    risk 0.00 | cvss 4.3 | epss 0.00

    Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known…

  • CVE-2023-51665 | Medium | Dec 27, 2023
    risk 0.00 | cvss 4.3 | epss 0.00

    Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `Auth.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for…