6 matches found
immich cross-site scripting vulnerability
immich is a high-performance, open-source, self-hosted solution for managing photos and videos. Versions of immich prior to 2.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a stored cross-site scripting flaw within the 360-degree panorama viewer, which could...
CVE-2026-25118
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
EUVD-2026-18756
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
immich security vulnerability
immich is a high-performance, open-source self-hosted solution for managing photos and videos. Versions of immich prior to 2.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that API keys could elevate their own permissions by calling the update endpoint, allowi...
EUVD-2025-21169
Malicious code in bioql PyPI...
CVE-2025-43856
The CVE-2025-43856 entry concerns immich, a self-hosted photo/video management solution. Affected versions are prior to 1.132.0. The root cause is that the OAuth2 state parameter is not validated, which defeats CSRF protection. When immich uses the /user-settings page as a redirect URI, an attack...