
cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Ampache (88d8c45b-5779-544d-8d14-751e5b71c268)
Product: Ampache (35a70192-fdb3-527e-924f-f2f51aded1ff)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:docker/ampache/ampache | purl2cpe | 2026-06-01 10:12:40.614812
pkg:github/ampache/ampache | purl2cpe | 2026-06-01 10:12:40.614814

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-51490 vulnerable 2026-06-08 06:52:12.156745 Stored Cross-Site Scripting in Ampache
MEDIUM (5.5)
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:35:21.582Z
Updated: 2024-11-12T01:44:17.324Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51489 vulnerable 2026-06-08 06:52:12.156279 Insufficient Message Token Validation in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:37:45.808Z
Updated: 2024-11-12T01:44:27.158Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51488 vulnerable 2026-06-08 06:52:12.155796 Insufficient Validation in Delete Message in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:42:29.878Z
Updated: 2024-11-12T01:44:07.126Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51487 vulnerable 2026-06-08 06:52:12.155319 Insufficient Validation in Catalog (Activation/Deactivation) in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:43:07.322Z
Updated: 2024-11-12T01:43:48.257Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51486 vulnerable 2026-06-08 06:52:12.154824 Stored Cross-Site Scripting in Ampache
MEDIUM (5.5)
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:44:55.279Z
Updated: 2024-11-12T01:43:28.573Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51485 vulnerable 2026-06-08 06:52:12.154439 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51484 vulnerable 2026-06-08 06:52:12.153257 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-47828 vulnerable 2026-06-08 06:48:13.325607 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-47184 vulnerable 2026-06-08 06:48:11.557386 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-41665 vulnerable 2026-06-08 06:43:54.827146 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-28853 vulnerable 2026-06-08 06:33:27.734106 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-28852 vulnerable 2026-06-08 06:33:27.733683 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0771 vulnerable 2026-06-08 05:52:32.585199 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0606 vulnerable 2026-06-08 05:52:32.058342 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4665 vulnerable 2026-06-08 05:52:00.141886 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32644 vulnerable 2026-06-08 05:32:07.762099 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-21399 vulnerable 2026-06-08 05:29:11.818772 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-15153 vulnerable 2026-06-08 05:19:25.384989 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12386 vulnerable 2026-06-08 05:12:38.988166 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12385 vulnerable 2026-06-08 05:12:38.987726 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-4438 vulnerable 2026-06-08 04:49:56.321266 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-4437 vulnerable 2026-06-08 04:49:56.320853 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
