Synology Download Station
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Synology Download Station.
By the Year
In 2026 there have been 0 vulnerabilities in Synology Download Station. Last year, in 2025 Download Station had 2 security vulnerabilities published. Right now, Download Station is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 0.00 |
| 2024 | 1 | 5.40 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 4 | 7.40 |
It may take a day or so for new Download Station vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Synology Download Station Security Vulnerabilities
Path Traversal in Synology Download Station 5.10.0.304+
CVE-2025-58463
- November 07, 2025
A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later
Relative Path Traversal
XSS in Download Station v<5.10.0.304> - remote account bypass
CVE-2025-58465
- November 07, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: Download Station 5.10.0.305 ( 2025/09/16 ) and later Download Station 5.10.0.304 ( 2025/09/08 ) and later
XSS
Download Station 5.8.x XSS Enables Authenticated Network Code Injection
CVE-2024-38640
5.4 - Medium
- September 06, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later
XSS
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566
CVE-2021-34811
4.3 - Medium
- June 18, 2021
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.
SSRF
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566
CVE-2021-34810
8.8 - High
- June 18, 2021
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Improper Privilege Management
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566
CVE-2021-34809
8.8 - High
- June 18, 2021
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Command Injection
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563
CVE-2021-33184
7.7 - High
- June 01, 2021
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
SSRF
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Synology Download Station or by Synology? Click the Watch button to subscribe.
