Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ampache — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting ampache. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ampache serves as an open-source web-based audio/video streaming server and media library management system. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, contributing to its 18 recorded CVEs. The application's file handling and authentication mechanisms have frequently been attack vectors. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in web interfaces and API endpoints suggests ongoing security challenges requiring diligent patch management and hardening for production deployments.

Top products by ampache: ampache ampache/ampache
CVE IDTitleCVSSSeverityPublished
CVE-2024-51484 Insufficient Validation in Controllers (Activation/Deactivation) in Ampache — ampacheCWE-352 6.5AIMediumAI2024-11-11
CVE-2024-51485 Insufficient Validation in Plugins (Activation/Deactivation) in Ampache — ampacheCWE-352 6.5AIMediumAI2024-11-11
CVE-2024-51486 Stored Cross-Site Scripting in Ampache — ampacheCWE-79 5.5 Medium2024-11-11
CVE-2024-51487 Insufficient Validation in Catalog (Activation/Deactivation) in Ampache — ampacheCWE-352 6.5AIMediumAI2024-11-11
CVE-2024-51488 Insufficient Validation in Delete Message in Ampache — ampacheCWE-352 8.1AIHighAI2024-11-11
CVE-2024-51489 Insufficient Message Token Validation in Ampache — ampacheCWE-352 8.1AIHighAI2024-11-11
CVE-2024-51490 Stored Cross-Site Scripting in Ampache — ampacheCWE-79 5.5 Medium2024-11-11
CVE-2024-47828 Cross-Site Request Forgery in ampache — ampacheCWE-352 5.3 Medium2024-10-09
CVE-2024-47184 Ampache vulnerable to Stored XSS via Democratic Playlist Name — ampacheCWE-79 6.1 Medium2024-09-27
CVE-2024-41665 Ampache Stored Cross-site Scripting Vulnerability — ampacheCWE-79 5.5 Medium2024-07-23
CVE-2024-28852 Ampache has multiple reflective XSS vulnerabilities — ampacheCWE-79 6.1 Medium2024-03-27
CVE-2024-28853 Ampache Stored XSS — ampacheCWE-79 3.9 Low2024-03-27
CVE-2023-0771 SQL Injection in ampache/ampache — ampache/ampacheCWE-89 8.8 -2023-02-10
CVE-2023-0606 Cross-site Scripting (XSS) - Reflected in ampache/ampache — ampache/ampacheCWE-79 6.1 -2023-02-01
CVE-2022-4665 Unrestricted Upload of File with Dangerous Type in ampache/ampache — ampache/ampacheCWE-434 8.0 -2022-12-23
CVE-2021-32644 Cross-site Scripting in Random.php — ampacheCWE-79 6.4 Medium2021-06-22
CVE-2020-15153 Unauthenticated SQL injection in Ampache — ampacheCWE-89 8.2 High2021-04-30
CVE-2021-21399 Unauthenticated SubSonic backend access in Ampache — ampacheCWE-284 9.1 Critical2021-04-13

This page lists every published CVE security advisory associated with ampache. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.