This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2026-02-12 15:12:01 UTC
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|---|
| a6effa17-1fd4-4895-8471-d5c684d7807c | navidrome -- multiple vulnerabilities. An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. Authenticated users can crash the Navidrome server by supplying an excessively large `size` parameter to `/rest/getCoverArt` or to a shared-image URL (`/share/img/{token}`). When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth. This triggers the Linux OOM killer, terminates the Navidrome process, and results in a full service outage. Discovery: 2026-02-03. Entry: 2026-02-07. Affected: navidrome < 0.60.0. References: CVE-2026-25578; https://github.com/navidrome/navidrome/security/advisories/GHSA-rh3r-8pxm-hg4w; CVE-2026-25579; https://github.com/navidrome/navidrome/security/advisories/GHSA-hrr4-3wgr-68x3 |