phanan/koel
Packagist2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting phanan/koelpage 1 of 1
- CVE-2021-33563HIGHCVSS 7.5EG 7.5✓ Fixed in 5.1.42021-05-24
vulnerable: 1.0.0-beta ... v5.1.3 (47 versions)
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.
- CVE-2026-47260HIGHCVSS 7.7EG 7.7✓ Fixed in 9.3.52026-05-29
vulnerable: 1.0.0-beta ... v9.3.4 (162 versions)
Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode <enclosure url="..."> values extracted fr…
Check whether phanan/koel is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for phanan/koel CVEs against the assets you own.
Start Free Scan →