azuracast/azuracast

Packagist4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting azuracast/azuracastpage 1 of 1

CVE-2023-2191MEDIUMCVSS 4.8EG 4.8✓ Fixed in 0.18.0
2023-04-20
vulnerable: 0.10.0 ... 0.9.9 (53 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18.
CVE-2023-2531CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.18.3
2023-05-05
vulnerable: 0.10.0 ... 0.9.9 (56 versions)
Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.
CVE-2026-42605HIGHCVSS 8.8EG 8.8✓ Fixed in 0.23.6
2026-05-09
vulnerable: 0.10.0 ... 0.9.9 (80 versions)
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}/files/upload) is not sanitized for path…
CVE-2026-42606HIGHCVSS 8.1EG 8.1✓ Fixed in 0.23.6
2026-05-09
vulnerable: 0.10.0 ... 0.9.9 (80 versions)
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthen…

Check whether azuracast/azuracast is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for azuracast/azuracast CVEs against the assets you own.

Start Free Scan →