Advplyr Audiobookshelf vulnerabilities
17 known vulnerabilities affecting advplyr/audiobookshelf.
Total CVEs: 17
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 13
Vulnerabilities
CVE-2025-25205 | P3 | HIGH | CVSS 8.2 | PoC available | CWE-202 | Affected: >= 2.17.0, < 2.19.1 | Published: 2025-02-12
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/ite
Source: NVD
CVE-2025-57800 | P3 | HIGH | CVSS 8.8 | CWE-523 | Affected: >= 2.6.0, < 2.28.0 | Published: 2025-08-22
Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie, which is later used to redirect the user after authentic
Source: NVD
CVE-2023-51697 | P3 | HIGH | CVSS 7.5 | CWE-918 | Fixed in 2.7.0 | Published: 2023-12-27
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.
Source: NVD
CVE-2023-51665 | P3 | HIGH | CVSS 7.5 | CWE-918 | Fixed in 2.7.0 | Published: 2023-12-27
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.
Source: NVD
CVE-2026-42883 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | Fixed in 2.32.2 | Published: 2026-05-11
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining them to that library. An authenticated user with downlo
Source: NVD
CVE-2026-42888 | P3 | MEDIUM | CVSS 6.9 | CWE-22 | Fixed in 2.33.2 | Published: 2026-05-11
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerability is fixed in 2.32.2.
Source: NVD
CVE-2023-47619 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | Affected: <= 2.4.3 | Published: 2023-12-13
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files, and send a GET request to arbitrary URLs and read the response. This issue may lead to information disclosure. As of the time of publication, no patches are available.
Source: NVD
CVE-2023-47624 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | Affected: <= 2.4.3 | Published: 2023-12-13
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to information disclosure. As of the time of publication, no patches are available.
Source: NVD
CVE-2024-35236 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | Fixed in 2.10.0 | Published: 2024-05-27
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on
Source: NVD
CVE-2025-46338 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | Fixed in 2.21.0 | Published: 2025-04-29
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the `libraryId` field. The unsanitized input is reflected in the server's error me
Source: NVD
CVE-2026-42886 | P4 | MEDIUM | CVSS 4.9 | CWE-409 | Fixed in 2.33.2 | Published: 2026-05-11
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData(), with no limit on the decompressed size. The upload middleware also has no file size limit. An admin user can upload a
Source: NVD
CVE-2024-43797 | P4 | MEDIUM | CVSS 4.3 | CWE-22 | Fixed in 2.13.0 | Published: 2024-09-02
audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen a
Source: NVD
CVE-2026-42885 | P4 | MEDIUM | CVSS 4.3 | CWE-22 | Fixed in 2.33.2 | Published: 2026-05-11
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix (e.g., /audiobooks vs /audiobooks-private), allowing authentic
Source: NVD
CVE-2026-42884 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | Fixed in 2.33.2 | Published: 2026-05-11
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with access to any library can enumerate and read collections
Source: NVD
CVE-2026-42887 | P4 | MEDIUM | CVSS 4.5 | CWE-79 | Fixed in 2.33.0 | Published: 2026-05-11
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges can inject arbitrary HTML/JavaScript that will be rend
Source: NVD
CVE-2026-27963 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | Fixed in 2.32.0 | Published: 2026-02-26
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browser
Source: NVD
CVE-2026-27973 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | Fixed in 2.12.0 | Published: 2026-02-26
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users'
Source: NVD