azuracast/azuracast
Packagist5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting azuracast/azuracastpage 1 of 1
- CVE-2023-2191MEDIUMCVSS 4.8EG 4.8✓ Fixed in 0.18.02023-04-20
vulnerable: 0.10.0 ... 0.9.9 (53 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18.
- CVE-2023-2531CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.18.32023-05-05
vulnerable: 0.10.0 ... 0.9.9 (56 versions)
Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.
- CVE-2025-67737LOWCVSS 3.7EG 3.1✓ Fixed in 0.23.22025-12-12
vulnerable: 0.10.0 ... 0.9.9 (76 versions)
AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast in…
- CVE-2026-42605HIGHCVSS 8.8EG 8.8✓ Fixed in 0.23.62026-05-09
vulnerable: 0.10.0 ... 0.9.9 (80 versions)
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}/files/upload) is not sanitized for path…
- CVE-2026-42606HIGHCVSS 8.1EG 8.1✓ Fixed in 0.23.62026-05-09
vulnerable: 0.10.0 ... 0.9.9 (80 versions)
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthen…
Check whether azuracast/azuracast is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for azuracast/azuracast CVEs against the assets you own.
Start Free Scan →