Browse all 3 CVE security advisories affecting FishAudio. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FishAudio develops AI-powered voice synthesis and cloning technology for media and entertainment applications. Historically, the platform has been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and insecure API endpoints. Security researchers have identified multiple critical vulnerabilities in its web interface that could allow attackers to execute arbitrary code or bypass authentication. While no major public incidents have been reported, the three documented CVEs highlight ongoing security concerns in its web components and API implementations, emphasizing the need for rigorous input sanitization and access controls in voice synthesis platforms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-39688 | fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function — Bert-VITS2CWE-22 | 6.5 | Medium | 2024-07-22 |
| CVE-2024-39686 | fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function — Bert-VITS2CWE-78 | 9.8 | Critical | 2024-07-22 |
| CVE-2024-39685 | fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function — Bert-VITS2CWE-78 | 9.8 | Critical | 2024-07-22 |
This page lists every published CVE security advisory associated with FishAudio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.