Browse all 18 CVE security advisories affecting ampache. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ampache serves as an open-source web-based audio/video streaming server and media library management system. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, contributing to its 18 recorded CVEs. The application's file handling and authentication mechanisms have frequently been attack vectors. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in web interfaces and API endpoints suggests ongoing security challenges requiring diligent patch management and hardening for production deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-0771 | SQL Injection in ampache/ampache — ampache/ampacheCWE-89 | 8.8 | - | 2023-02-10 |
| CVE-2023-0606 | Cross-site Scripting (XSS) - Reflected in ampache/ampache — ampache/ampacheCWE-79 | 6.1 | - | 2023-02-01 |
| CVE-2022-4665 | Unrestricted Upload of File with Dangerous Type in ampache/ampache — ampache/ampacheCWE-434 | 8.0 | - | 2022-12-23 |
This page lists every published CVE security advisory associated with ampache. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.