Synology Drive Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Synology Drive Server.
By the Year
In 2026 there have been 0 vulnerabilities in Synology Drive Server. Last year, in 2025 Drive Server had 2 security vulnerabilities published. Right now, Drive Server is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 5.30 |
| 2018 | 3 | 5.77 |
It may take a day or so for new Drive Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Synology Drive Server Security Vulnerabilities
Synology Drive Server <3.0.4-12699 SQLi in sync daemon (SQL Injection)
CVE-2024-50631
- March 19, 2025
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors.
SQL Injection
Synology Drive Server webapi missing auth pre-3.5.1
CVE-2024-50630
- March 19, 2025
Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.
Missing Authentication for Critical Function
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562
CVE-2018-13297
5.3 - Medium
- April 01, 2019
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.
Information Disclosure
Improper access control vulnerability in Synology Drive before 1.0.2-10275
CVE-2018-8922
6.5 - Medium
- June 01, 2018
Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275
CVE-2018-8921
5.4 - Medium
- June 01, 2018
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
XSS
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253
CVE-2018-8910
5.4 - Medium
- May 10, 2018
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Synology Drive Server or by Synology? Click the Watch button to subscribe.
