Build software better, together

Security

This project has not set up a SECURITY.md file yet.

SQL Injection via role parameter
GHSA-5wgp-vjxm-3x2r published May 29, 2025 by deluan

Critical
Navidrome Transcoding Permission Bypass Vulnerability Report
GHSA-f238-rggp-82m3 published May 29, 2025 by deluan

Critical
Authentication bypass in Subsonic API with non-existent username
GHSA-c3p4-vm8f-386p published Feb 22, 2025 by deluan

Moderate
Plaintext Storage of JWT Secret in navidrome.db
GHSA-xwx7-p63r-2rj8 published Dec 23, 2024 by deluan

High
Multiple SQL Injections and ORM Leak
GHSA-58vj-cv5w-v4v6 published Sep 20, 2024 by deluan

Critical
Parameter Tampering vulnerability
GHSA-4jrx-5w4h-3gpm published Apr 27, 2024 by deluan

High
Authentication bypass vulnerability in navidrome's subsonic endpoint
GHSA-wq59-4q6r-635r published Dec 19, 2023 by deluan

High

Learn more about advisories related to navidrome/navidrome in the GitHub Advisory Database