Jellyfin (Media Management)

Jellyfin web UI loads gstatic assets by default, which is problematic. App doesn’t really support authenticated proxies, which caused many instances to get pwned by CVE-2026-35031, and the developers literally refused to request more funding from the community some years ago. I still use jellyfin, but it isn’t great.