MoviePilot v2 contains a vulnerability that allows authenticated attackers to target arbitrary internal network services and steal data by bypassing insufficient URL filtering in the image proxy endpoint.
Jellyfin
Jellyfin 06.06.2026
Hotfix recommended: 5 open regression(s) in the repo · 384 open bugs, 5 regressions
Upgrade assessment
Security-relevant · Update promptly
Derived automatically from release, repo and CVE data — no judgment by a language model.
A security vulnerability in Jellystat (a statistics app for Jellyfin) allows authenticated users to inject malicious SQL code, enabling them to read sensitive data or even execute arbitrary commands on the server.
A vulnerability in Jellyfin versions before 10.11.7 allows authenticated users to create groups with extremely long names, blocking the SyncPlay service for others and potentially causing server crashes due to excessive memory usage.
affects: <10.11.7 · v10.11.11 not affected
Jellyfin media server before version 10.11.7 has a critical security flaw that allows attackers to read arbitrary files from the server without authentication by injecting malicious parameters into video streaming requests.
affects: <10.11.7 · v10.11.11 not affected
Jellyfin media server before version 10.11.7 has a security flaw that allows logged-in users to read local files and gain admin privileges by exploiting manipulated Live TV settings.
affects: <10.11.7 · v10.11.11 not affected
A critical security vulnerability in Jellyfin Media Server allows administrators or users with subtitle upload permissions to write arbitrary files and ultimately gain complete system control as the root user.
affects: <10.11.7 · v10.11.11 not affected
A security flaw in the Anchorr Discord bot allows attackers to inject malicious code into admin browsers, gaining complete system access and control over all connected services including Jellyfin media servers.
A security flaw in the Anchorr Discord bot allows any Discord user to execute malicious code in the administrator's browser and steal all stored passwords and API keys.
A vulnerability in the GitHub Actions workflows of the Jellyfin iOS app allows attackers to execute arbitrary code and gain full repository control, potentially leading to secret theft and supply chain attacks.
A vulnerability in Seerr, a media manager for Jellyfin and other streaming servers, exposes sensitive user data including API keys for Pushover and Telegram to any authenticated user, regardless of their permission level.
A vulnerability in Seerr (a media manager for Jellyfin) allows authenticated users to access and modify other users' data because certain API routes lack proper authorization checks.
A vulnerability in Seerr software allows attackers to register accounts without valid credentials by using their own Jellyfin server, even when Seerr is configured for Plex instead.
A vulnerability in Jellyfin media servers allows attackers to read arbitrary files from the server, especially on Windows systems. Publicly accessible servers are at risk of sensitive data exposure.
Jellyfin media server contains a Server-Side Request Forgery vulnerability in multiple API endpoints that allows unauthenticated attackers to access internal network services, steal data, and scan networks.
A critical security vulnerability in Jellyfin allows attackers with low-privilege user accounts to execute arbitrary commands on the server by chaining directory traversal, file upload, and cross-site scripting exploits.
A vulnerability in Jellyfin allows attackers to inject additional commands into FFmpeg calls, enabling arbitrary file reading or overwriting. While technically exploitable without authentication, practical exploitation is highly unlikely as it requires guessing random GUIDs.
A vulnerability in Jellyfin allows administrators to execute arbitrary programs via network shares by sending a special path to a system endpoint.
Jellyfin media software allows uploading SVG files as profile pictures, enabling attackers to inject malicious SVG files that can steal admin credentials and elevate regular users to administrator privileges.
Jellyfin media server contains a vulnerability that allows authenticated users to inject malicious commands into FFmpeg, potentially enabling them to execute arbitrary code on the server.
A vulnerability in Jellyfin allows attackers to spoof their IP address and restart the server without authentication, enabling repeated denial-of-service attacks against the media server.
A vulnerability in Jellyfin allows unauthenticated users to request arbitrarily large splash screen images through the Branding API, which can cause memory, CPU, and disk space issues when repeatedly requested, potentially crashing the server.
A critical security vulnerability in Jellyfin allows users with subtitle upload permissions to write arbitrary files on the server and ultimately execute code as administrator.
A vulnerability in Jellyfin allows authenticated users to read arbitrary files, forge server requests, and steal the database through an unsecured LiveTV endpoint, enabling them to gain administrator privileges.
A vulnerability in Jellyfin allows malicious users to create SyncPlay groups with extremely long names, which can block the service and lock out other users.
A security vulnerability in Jellyfin allows unauthenticated attackers to read arbitrary files from the server by injecting malicious parameters into video streaming requests and extracting file contents through the video output.
Jellyfin Server 10.11.11 fixes bugs and adds a lock helper for the UserManager
Jellyfin Server 10.11.10 fixes multiple security vulnerabilities and resolves issues with UserData cache and user management
Jellyfin 10.11.9 fixes several bugs in video encoders, user management and hardware acceleration
Jellyfin 10.11.8 fixes several regressions from version 10.11.7, including issues with subtitles and language filters
Jellyfin Server 10.11.7 fixes multiple critical security vulnerabilities and various bugs
Jellyfin 10.11.6 fixes various bugs in search, artist display, library updates and video transcoding
Jellyfin 10.11.5 fixes 17 bugs including database optimizations, image processing issues, and hardware decoding errors
Jellyfin 10.11.4 fixes various bugs including crashes on exFAT drives, locked field issues, and HDR stream handling
Jellyfin Server 10.11.3 fixes various bugs in metadata processing, file handling and search functionality
Jellyfin 10.11.2 fixes several bugs including security improvements for password resets and corrections for metadata refresh functionality
Jellyfin 10.11.1 fixes various bugs in symlink handling, database migrations, video processing and Live TV functionality
Jellyfin 10.11.0 introduces major new features including system backup and database refactoring with breaking changes
Ninth release candidate of Jellyfin 10.11.0 with bug fixes for ratings, sorting, libraries and performance improvements
Critical bugfix in RC8 resolves library breakage when upgrading from RC5 to RC7
Seventh release candidate of Jellyfin 10.11.0 with bug fixes for database issues, SkiaSharp rollback and improvements to metadata processing
Jellyfin Server 10.11.0 RC6 fixes anamorphic video detection, improves audio normalization and optimizes database performance
Jellyfin Server 10.11.0 RC5 released with bug fixes for API timeouts, database queries and image processing
Fourth release candidate of Jellyfin 10.11.0 with bug fixes for database migration, trickplay extraction and improved VOB file support
Jellyfin Server 10.11.0 RC3 released with bug fixes for QSV encoding, syncplay groups, music metadata and various other improvements
Jellyfin Server 10.11.0 RC2 released with bug fixes for metadata handling, collections, database queries and file access
First release candidate of Jellyfin 10.11.0 featuring .NET 9 upgrade, improved anime filename recognition and various bug fixes
Jellyfin 10.10.7 fixes security vulnerabilities and bugs but requires proper reverse proxy configuration
Jellyfin 10.10.6 fixes several bugs including crashes on Apple Silicon and issues with image encoding and LiveTV
Jellyfin Server 10.10.5 fixes various bugs related to file access, subtitles, audio streaming and metadata processing
Jellyfin 10.10.4 fixes various issues with audio/video transcoding, metadata parsing, and EPG caching
Jellyfin 10.10.3 fixes issues with file system-based library playlists and reduces the minimum SDK version requirement
Jellyfin 10.10.2 fixes various bugs in playlists, trickplay images, transcoding and metadata processing
Jellyfin Server 10.10.1 fixes several bugs including audio codec issues, null reference exceptions, and TMDB import problems
Jellyfin 10.10.0 introduces new Media Segments API, Dolby AC-4 decoder, software tonemap filter support and numerous improvements for hardware acceleration and trickplay
Jellyfin 10.9.11 fixes several bugs related to subtitle extraction, codec profiles, version names, and chapter images
Maintenance update with various bug fixes for image support, codec processing, user interface and stability