jellyfin Cyber Security Vulnerability Stats and Metrics

Argument Injection Vulnerability in Jellyfin Media Server

CVE-2025-31499

JellyfinJellyfin7.6HIGH

IP Spoofing Vulnerability in Jellyfin Media Server

CVE-2025-32012

JellyfinJellyfin4.6MEDIUM

Specially crafted SVG file can retrieve AccessToken for Jellyfin administrator

CVE-2024-43801

JellyfinJellyfin5.4MEDIUM

Jellyfin Possible Remote Code Execution via custom FFmpeg binary

CVE-2023-48702

jellyfinjellyfin7.2HIGH

Argument Injection in FFmpeg codec parameters in Jellyfin

CVE-2023-49096

JellyfinJellyfin7.7HIGH

Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

CVE-2023-30626

JellyfinJellyfin8.8HIGH

jellyfin-web has a stored cross-site scripting vulnerability in devices.js

CVE-2023-30627

JellyfinJellyfin-web9.1CRITICAL

Server-Side Request Forgery in Jellyfin Affects Data Access

CVE-2023-27161

JellyfinJellyfin7.5HIGH

Stored XSS Vulnerability in Jellyfin Media Server 10.8.x and Earlier Versions

CVE-2023-23635

JellyfinJellyfin5.4MEDIUM

Stored XSS Vulnerability in Jellyfin Media Server by Jellyfin

CVE-2023-23636

JellyfinJellyfin5.4MEDIUM

Access Control Flaw in Jellyfin Media Server by Jellyfin

CVE-2022-35909

JellyfinJellyfin8.8HIGH

Stored XSS Vulnerability in Jellyfin Affecting Admin Access

CVE-2022-35910

JellyfinJellyfin5.4MEDIUM

Unauthenticated GET requests through Remote Image endpoints

CVE-2021-29490

JellyfinJellyfinEPSS 89%5.8MEDIUM

Unauthenticated Arbitrary File Access in Jellyfin

CVE-2021-21402

JellyfinJellyfin👾🟡EPSS 92%7.7HIGH

jellyfin Summary

Vulnerability Published:

Sort By:

15 April 2025

Argument Injection Vulnerability in Jellyfin Media Server

IP Spoofing Vulnerability in Jellyfin Media Server

2 September 2024

Specially crafted SVG file can retrieve AccessToken for Jellyfin administrator

13 December 2023

Jellyfin Possible Remote Code Execution via custom FFmpeg binary

6 December 2023

Argument Injection in FFmpeg codec parameters in Jellyfin

24 April 2023

Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

jellyfin-web has a stored cross-site scripting vulnerability in devices.js

10 March 2023

Server-Side Request Forgery in Jellyfin Affects Data Access

3 February 2023

Stored XSS Vulnerability in Jellyfin Media Server 10.8.x and Earlier Versions

Stored XSS Vulnerability in Jellyfin Media Server by Jellyfin

19 August 2022

Access Control Flaw in Jellyfin Media Server by Jellyfin

Stored XSS Vulnerability in Jellyfin Affecting Admin Access

6 May 2021

Unauthenticated GET requests through Remote Image endpoints

23 March 2021

Unauthenticated Arbitrary File Access in Jellyfin