CVE-2026-42884 Audiobookshelf: Collection endpoints bypass library access controls exposing restricted library data

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...

CVE-2026-42884

Summary: Audiobookshelf (self-hosted server) prior to version 2.32.2 exposes collection data across libraries. The GET /api/collections and GET /api/collections/:id endpoints do not verify the requester’s library access, enabling an authenticated user with access to any library to enumerate and r...

EUVD-2023-0802

Malicious code in bioql PyPI...

CVE-2023-25575

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

api-platform/core's secured properties may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

PT-2023-20173 · Unknown · Api Platform Core

Name of the Vulnerable Software and Affected Versions: API Platform Core versions 2.7 through 2.7.9 API Platform Core versions 3.0 through 3.0.11 API Platform Core versions 3.0.12 is not affected, versions 3.1 through 3.1.2 Description: Resource properties secured with the security option of the...