Browse all 5 CVE security advisories affecting owncast. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Owncast is a self-hosted live video streaming server designed for independent broadcasters to create their own streaming platforms without third-party dependencies. Historically, the project has faced vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation issues, with five CVEs documented to date. These weaknesses often stem from improper input validation and insufficient access controls in its web interface. While no major public security incidents have been widely reported, the presence of multiple RCE vulnerabilities in past versions highlights the importance of maintaining updated installations and implementing proper network segmentation for deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31450 | Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277) — owncastCWE-22 | 2.7 | Low | 2024-04-19 |
| CVE-2024-29026 | Owncast cross origin request — owncastCWE-352 | 8.2 | High | 2024-03-20 |
| CVE-2023-3188 | Server-Side Request Forgery (SSRF) in owncast/owncast — owncast/owncastCWE-918 | 7.5 | - | 2023-06-10 |
| CVE-2022-3751 | SQL Injection in owncast/owncast — owncast/owncastCWE-89 | 8.8 | - | 2022-11-29 |
| CVE-2021-39183 | Unsafe inline XSS Owncast — owncastCWE-79 | 8.2 | High | 2021-12-14 |
This page lists every published CVE security advisory associated with owncast. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.