Open-source video hosting, honestly reviewed. No marketing fluff — just what you get when you self-host it.

TL;DR

What it is: Open-source PHP script for launching a self-hosted video and photo sharing platform — a YouTube/Netflix clone you install on your own server [README].
Who it’s for: Developers or technical founders who need a multi-user video hosting site with social features and don’t want to pay Vimeo or Wistia per seat or per bandwidth. Also: communities, internal media portals, niche video sites [4].
Cost savings: Vimeo Starter runs $12–20/mo with strict storage limits; Wistia starts at $19/mo for 10 videos. ClipBucket self-hosted runs on a VPS with unlimited content for the price of the server [website].
Key strength: Genuinely feature-complete for a free PHP script — HLS conversion, 4K support, subtitles, Chromecast, TMDB integration, AI NSFW check, and social features (playlists, collections, friend requests) all ship in the box [README].
Key weakness: Four CVEs disclosed in 2024–2025, including one rated CVSS 9.8 Critical that allowed unauthenticated remote code execution. All patched, but the history is a yellow flag for anyone running a public-facing instance [2].

What is ClipBucket

ClipBucket is an open-source PHP script that lets you run a multi-user video sharing site — think a stripped-down YouTube — on your own infrastructure. Users can upload videos and photos, create playlists and collections, follow each other, send private messages, and interact through comments. Admins get a dashboard with stats, video moderation, and configuration controls.

The project has a complicated history worth knowing. The original ClipBucket (at github.com/arslancb/clipbucket) was released around 2010, had a period of active development, then started dying after version 4.1 in May 2018 and was archived in December 2022. Separately, in October 2020, the commercial side of ClipBucket shut down and rebranded as Vodlix — a closed-source fork with no free tier [website]. What’s in front of you now is ClipBucket V5, a community fork created by GitHub user MacWarrior in 2016 and currently developed under the Oxygenz umbrella. It has been actively maintained since, with version 5.5.2 released after 196 focused revisions [README].

The GitHub repository sits at 153 stars — a meaningfully small number that reflects the niche this fills. This isn’t a project with thousands of contributors or VC backing. It’s a small team that has kept an aging PHP script alive and significantly improved [README]. Whether that’s a feature or a bug depends on your risk tolerance.

The license field in the repository metadata shows as “NOASSERTION” — meaning the license isn’t clearly machine-readable in the repository. The website describes the community edition as “freely downloadable” and “open source,” but you should read the actual license file before using this commercially or distributing it. This is not a clearly MIT or Apache 2.0 project.

Why People Choose It

Third-party reviews specifically on ClipBucket V5 are sparse — the webcrawler could only pull one substantive security article and one passing mention in a video CMS roundup. That itself is signal: this isn’t a tool with a loud community writing about it. What the available sources tell us, combined with what the project itself says, paints a coherent picture.

The core pitch is eliminate hosting costs for video. According to how2shout.com’s roundup of open-source video CMS options [4], ClipBucket positions itself as a “complete multimedia solution” — not just video, but photos and audio in one install — with monetization built in. The ability to run pre-roll or post-roll ads (like YouTube) without a revenue share with a platform is the kind of thing that makes a niche content creator or small publisher take notice.

Versus Vimeo. Vimeo’s paid plans gate bandwidth, storage, and viewer controls. At Vimeo Starter (~$20/mo) you get 5GB/week upload bandwidth. If you’re publishing training courses, conference recordings, or brand videos at volume, that ceiling hurts fast. ClipBucket on a $20/mo VPS with a large storage volume removes that ceiling entirely [website][4].

Versus a YouTube channel. YouTube is free but you don’t control the experience — ads can appear on your content, the algorithm governs discovery, and you can get demonetized or banned without recourse. ClipBucket gives you the full YouTube-style experience (comments, likes, subscriptions, playlists) on infrastructure you own [README][4].

Versus Jellyfin or Plex. These are personal media servers — great for private streaming to your own devices. ClipBucket is built for public-facing, multi-user platforms where content creators can register, upload, and build an audience. If you want a YouTube for your community rather than a private Netflix, that’s the difference [website].

The how2shout review [4] calls out HTML5 compatibility via FFMPEG conversion and the ad monetization features as the standout points. The README adds HLS streaming (critical for multi-quality adaptive playback), which the how2shout article [4] was written before and doesn’t cover — that’s a meaningful upgrade since then.

Features

Based on the README (v5.5.2) and the official website:

Video engine:

MP4 and HLS conversion on upload — one-time transcoding, not live re-encode on every view [README][website]
UHD / 4K video support [README]
Multi-quality adaptive playback via HLS [README]
Video subtitles support from admin panel [README][website]
Remote play — embed or play videos from external URLs [website]
Chromecast / Android TV native support [README][website]

Content and social:

Multi-user with registration, profiles, friend requests, private messaging [website]
Collections (recursive — collections of collections), playlists [README][website]
Photo hosting alongside video [website]
Visual comment editor [README]
Age restriction controls [README]
TMDB integration for media metadata [README]

Admin and platform:

Dark and light themes [README]
Multi-language UI (English, French, German, Portuguese, Spanish built in) [README]
Integrated DB update system — schema migrations run through the UI, not the command line [README][website]
Update checker built in — you see immediately if a new version exists [website]
Multi-server support for complex hosting setups [website]
AI NSFW check for uploaded media [README]
Ad monetization support [4]

Technical:

PHP 8.1–8.5+ compatibility [README]
MySQL 9+ with strict mode [README]
Docker deployment via oxygenz/clipbucket-v5 image [README]
REST API [merged profile]

The technical stack is decidedly old-school: PHP, MySQL, Smarty templates, FFMPEG for video processing. If you’re a developer who lives in Node.js or Go, this codebase will feel dated. If you’re a WordPress-era developer or anyone comfortable with LAMP stacks, it’s familiar territory.

Pricing: SaaS vs Self-Hosted Math

ClipBucket self-hosted (Community Edition):

Software: free
Hosting: your cost — a VPS starting at ~$6–20/month on Hetzner or DigitalOcean
Setup: DIY
Support: GitHub issues only [website]

ClipBucket SaaS (via Oxygenz):

Fully managed hosting
Priority support
10% discount on custom development
Price: not listed publicly — “contact us” [website]

Vimeo for comparison:

Free tier: very limited, Vimeo branding on player
Starter: ~$20/mo, 5GB/week upload
Standard: ~$60/mo, 20GB/week
Advanced: ~$100/mo

Wistia for comparison:

Free: 3 videos, Wistia branding
Plus: $19/mo, 10 videos, 250GB bandwidth/month
Pro: $79/mo

The math for a course creator or community with moderate video volume is clear: if you need more than 10 videos and 250GB/month, you’re at $79+/month on Wistia. A $10/month VPS with a 500GB storage volume runs ClipBucket with no per-video or per-bandwidth limits.

The caveat is storage growth. Video is big. 4K is very big. A site with 500 hours of 4K video could easily need 2–5TB of storage, which on a cloud VPS costs real money. Budget for object storage (Backblaze B2, Wasabi, Hetzner Object Storage) attached via S3-compatible API rather than paying per-GB VPS disk costs. The website doesn’t address this explicitly, but anyone running serious video volume needs this conversation upfront.

Deployment Reality Check

The official path is Docker: a pre-built image (oxygenz/clipbucket-v5) is available on Docker Hub [README]. The README mentions “easy installation scripts” and an “integrated DB update system” — both signals that the team has thought about reducing setup friction.

What you actually need:

A Linux VPS with at least 2GB RAM — video transcoding (FFMPEG) is CPU and memory intensive
Docker or a traditional LAMP stack (PHP 8.1+, MySQL 9+)
FFMPEG installed — required for video conversion [4]
Storage: depends entirely on your content volume; start with at least 50GB and plan for growth
A domain name and HTTPS (Caddy or nginx reverse proxy)

Realistic setup time: 1–2 hours for a technical user following the Docker path. Longer if you’re configuring FFMPEG manually, setting up S3-compatible storage for video files, or tuning MySQL for large media workloads.

The security history you need to know: In 2024–2025, Sekuro’s offensive security team disclosed four CVEs against ClipBucket V5 [2]:

CVE-2024-54135 and CVE-2024-54136 (CVSS 7.5) — Untrusted deserialization in a photo upload endpoint, allowing arbitrary file deletion and potential application takeover [2].
CVE-2025-21622 (CVSS 7.5) — Path traversal in profile image handling, allowing arbitrary file deletion [2].
CVE-2025-21623 (CVSS 7.5) — Unauthenticated denial-of-service via Smarty template engine parameter, making the entire frontend unusable to all users with a single GET request [2].
CVE-2025-21624 (CVSS 9.8 Critical) — File upload bypass in playlist image handling allowed uploading a PHP webshell for remote code execution. The feature was removed entirely as it was deemed legacy/unfinished [2].

The Sekuro team disclosed these responsibly and the maintainers patched them quickly [2]. That’s good operational behavior. But four CVEs in a single code review — including a 9.8 — tells you something about the codebase’s security posture. If you’re running a public ClipBucket instance, keep it updated, restrict user registration, and treat it as a target-rich environment until proven otherwise. Running 5.5.2+ means these specific issues are patched. New ones may follow.

Pros and Cons

Pros

Feature-complete out of the box. HLS adaptive streaming, 4K support, subtitles, Chromecast, TMDB metadata, AI NSFW detection, ad support — this is more than most self-hosted video tools offer in a single install [README][4].
One-time transcoding model. Unlike Plex or Jellyfin which re-encode on-demand, ClipBucket converts video once on upload. Lower CPU overhead for serving concurrent viewers — you can run it on modest hardware [website].
Active maintenance. V5.5.0, 5.5.1, and 5.5.2 have shipped with hundreds of revisions each. The original project died; this fork hasn’t [README].
Docker available. Clean deployment path without fighting a manual LAMP stack [README].
No per-bandwidth or per-video pricing. Self-host on a fixed-cost VPS and stop watching the meter [website].
Social platform features. Friend requests, private messages, groups, comments, follows — this is a community platform, not just a video player [website].
Responsible disclosure process worked. Maintainers responded and patched the 2024–2025 CVEs quickly [2].

Cons

Four CVEs in one review, including CVSS 9.8. A single security audit found critical vulnerabilities that could have led to complete application takeover. The codebase has been improved, but the underlying PHP architecture that enabled these issues isn’t gone [2].
153 GitHub stars. This is a small project. Small projects get abandoned. If MacWarrior and the Oxygenz team move on, you’re maintaining a PHP codebase yourself.
“NOASSERTION” license. The repository doesn’t expose a clearly machine-readable open-source license. Confirm what you’re allowed to do commercially before building on top of this.
Old tech stack. PHP 8 + Smarty + MySQL is functional but not what most developers want to maintain in 2026. Debugging, extending, and securing it requires PHP familiarity.
No community around it. Unlike Nextcloud or PeerTube, there are no third-party plugin ecosystems, tutorial sites, or active forums. You’re largely on your own with GitHub issues and a Discord [README].
No dedicated video storage integration. You need to solve object storage separately if you’re planning for scale. The platform doesn’t guide you through this.
Sparse documentation. The README and website cover the basics, but in-depth operational docs are thin.

Who Should Use This / Who Shouldn’t

Use ClipBucket if:

You need a multi-user, public-facing video platform — not just personal streaming — and want it self-hosted.
You have PHP/MySQL experience or a developer on the team who does.
You’re building a niche video community, training platform, or content site where Vimeo’s or YouTube’s terms-of-service or pricing don’t work for you.
You want ad monetization on your own platform without revenue sharing.
You can keep the software updated and are comfortable reviewing security advisories.

Skip it (use PeerTube instead) if:

You want a federated, ActivityPub-compatible video platform with a larger active community. PeerTube has thousands of stars, active development, and connects to the Fediverse.
You want a cleaner modern stack (PeerTube is Node.js/TypeScript).
Long-term viability and community health matter more than feature count today.

Skip it (use Jellyfin) if:

You’re building a private media server for your household or small team, not a public-facing platform. Jellyfin handles personal libraries better and has a much larger support community.

Skip it (stay on Vimeo or Wistia) if:

You’re publishing professional video content and need a polished player, analytics, and guaranteed uptime without any ops burden.
Security incidents on your video platform could damage your brand or lose customer data.
You don’t have a technical person to handle setup and ongoing maintenance.

Skip it (use a managed solution) if:

You want the ClipBucket feature set but don’t want to manage the server — contact the Oxygenz team directly about their SaaS offering [website].

Alternatives Worth Considering

PeerTube — The strongest open-source alternative. ActivityPub federation, Node.js stack, larger community, much better documentation. Free and actively maintained. First choice for most people in this category.
Jellyfin — Self-hosted media server, but built for private viewing rather than public sharing with multi-user accounts and social features. Different use case.
AVideo (YouPHPTube) — Another PHP-based YouTube clone from the same era [4]. Similar feature set, similar limitations. Worth comparing feature-by-feature.
ViMP — Community and enterprise versions, similar niche to ClipBucket. The commercial enterprise version is polished; the free community version is less maintained [4].
Vimeo — Managed SaaS, polished player, reliable. More expensive per bandwidth, but zero ops burden.
Cloudflare Stream — Per-minute pricing ($5/1000 minutes stored, $1/1000 minutes delivered). Can be cheaper than a VPS at low volume, scales cleanly, requires zero infrastructure management.
Bunny Stream — $0.005/minute stored, $0.0035/GB egress. Very cheap for video delivery, but you’ll need to build your own front-end.

For someone escaping Vimeo bills who wants a YouTube-style community platform, the real decision is ClipBucket vs PeerTube. PeerTube is the safer long-term bet on almost every dimension except raw feature count today.

Bottom Line

ClipBucket V5 is a technically capable, actively maintained PHP video platform that does more than its low star count suggests — HLS, 4K, subtitles, social features, ad support, and Chromecast all ship out of the box. For a founder or developer who needs a multi-user, public-facing video site and wants to own the infrastructure, it solves a real problem at near-zero software cost.

The honest blockers are the security history and the small community. Four CVEs in a single audit — including one rated 9.8 Critical — aren’t disqualifying on their own (the team patched quickly), but they’re a sign you’re taking on operational responsibility that a more mature project has already baked into its culture. If you’re comfortable tracking PHP CVEs, keeping the install updated, and accepting that this project’s future depends on a small team staying motivated, ClipBucket is a workable choice. If you need the confidence of a larger, more battle-hardened project, PeerTube is the answer.

If the ops burden is the blocker — the setup, the updates, the security patches — that’s exactly what upready.dev handles for clients. One-time deployment, you own the infrastructure.

Sources

WebHostingTalk forum thread on ClipBucket — webhostingtalk.com. https://www.webhostingtalk.com/showthread.php?t=1867167 (blocked by Cloudflare at time of review)
Sekuro Offensive Security — “Critical CVEs ClipBucket V5 (What You Need to Know)” (Jul 28, 2025). https://sekuro.io/blog/critial-cves-clipbucket-v5/
TopAlter.com — “Best Free Note-ify Alternatives for Self Hosted”. https://topalter.com/best-note-ify-alternatives/self-hosted (incidental mention, not a primary review)
How2Shout — “Open source Video CMS For Sharing Videos: 5 Free & Best”. https://www.how2shout.com/tools/best-open-source-video-cms-sharing-videos.html

Primary sources:

GitHub repository and README: https://github.com/macwarrior/clipbucket-v5 (153 stars)
Official website / Oxygenz product page: https://oxygenz.fr/en/clipbucketv5/
Docker Hub image: https://hub.docker.com/r/oxygenz/clipbucket-v5

Features

Integrations & APIs

REST API

Related Media & Streaming Tools

View all 334 →

Immich

95K

High-performance self-hosted photo and video management — automatic backup, ML-powered search, and a Google Photos-like experience on your own server.

media AGPL-3.0

Jellyfin

49K

The volunteer-built media solution that puts you in control of your media. Stream movies, shows, music, and photos to any device from your own server.

media GPL-2.0