Security Advisories · Part-DB/Part-DB-server · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload
GHSA-7rv3-rcxv-69ww published Aug 13, 2025 by jbtronics

Moderate
Uploaded SVG files allow for stored XSS when opened in separate tab
GHSA-whhf-g6wh-g35w published May 24, 2025 by jbtronics

Moderate
HTML/XSS Injection Possibilities in Part-DB 1.0.0 and 1.0.1
GHSA-9pmh-gmxx-rg2x published Feb 26, 2023 by jbtronics

High