Known Vulnerabilities for products from Jellyfin
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Jellyfin".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40348 json | Not Provided | 2026-04-18 | 2026-04-18 | |
| CVE-2026-35034 json | Not Provided | 2026-04-14 | 2026-04-15 | |
| CVE-2026-35033 json | Not Provided | 2026-04-14 | 2026-04-15 | |
| CVE-2026-35032 json | Not Provided | 2026-04-14 | 2026-04-15 | |
| CVE-2026-35031 json | Not Provided | 2026-04-14 | 2026-04-16 | |
| CVE-2023-30627 json | jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10... | 5.4 - MEDIUM | 2023-04-24 | 2023-05-04 |
| CVE-2023-30626 json | Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory trave... | 8.1 - HIGH | 2023-04-24 | 2023-05-04 |
| CVE-2023-27161 json | Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This v... | 7.5 - HIGH | 2023-03-10 | 2023-03-31 |
| CVE-2023-23636 json | In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal acces... | 5.4 - MEDIUM | 2023-02-03 | 2023-02-09 |
| CVE-2023-23635 json | In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal acc... | 5.4 - MEDIUM | 2023-02-03 | 2023-02-09 |
| CVE-2022-35910 json | In Jellyfin before 10.8, stored XSS allows theft of an admin access token. | 5.4 - MEDIUM | 2022-08-19 | 2022-08-19 |
| CVE-2022-35909 json | In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. | 8.8 - HIGH | 2022-08-19 | 2022-08-19 |
| CVE-2021-29490 json | Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. V... | 5.8 - MEDIUM | 2021-05-06 | 2021-05-13 |
| CVE-2021-21402 json | Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests wi... | 6.5 - MEDIUM | 2021-03-23 | 2021-03-27 |