Security Overview · advplyr/audiobookshelf · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

OIDC Token Exfiltration Can Lead to Complete Account Takeover
GHSA-vpc2-w73p-39px published Aug 22, 2025 by advplyr

High
v2.24.0 - Directory Traversal in /api/filesystem/pathexists Allows File Enumeration
GHSA-xjqw-8829-qmm6 published Jun 14, 2025 by advplyr

Moderate
/api/filesystem/pathexists exposes arbitrary‑path probing outside configured libraries
GHSA-xj8h-wrw2-g829 published Jun 1, 2025 by advplyr

Moderate
Cross-Site-Scripting Reflected via POST Request in /api/upload
GHSA-47g3-c5hx-2q3w published Apr 27, 2025 by advplyr

Moderate
Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
GHSA-pg8v-5jcv-wrvw published Feb 12, 2025 by advplyr

High
Path Traversal (RBAC: A non-admin user can create directories anywhere in the system)
GHSA-gg56-vj58-g5mc published Aug 31, 2024 by advplyr

Moderate
Cross-Site-Scripting vulnerability via crafted ebooks
GHSA-7j99-76cj-q9pg published May 26, 2024 by advplyr

Moderate
Blind SSRF in `podcastUtils.js` (`GHSL-2023-267`)
GHSA-jhjx-c3wx-q2x7 published Dec 23, 2023 by advplyr

Low
Blind SSRF in `Auth.js` (`GHSL-2023-266`)
GHSA-gjgj-98v3-47pg published Dec 23, 2023 by advplyr

Moderate
GitHub Security Lab (GHSL) Vulnerability Report, audiobookshelf: `GHSL-2023-203`, `GHSL-2023-204`
GHSA-mgj7-rfx8-vhpr published Oct 29, 2023 by advplyr

Moderate

Learn more about advisories related to advplyr/audiobookshelf in the GitHub Advisory Database