azuracast/azuracast vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-Q4PH-8X8G-95F8Highazuracast/azuracast: AzuraCast Vulnerable to Liquidsoap Code Injection via Incomplete cleanUpString-to-toRawString Migration in Remote Relay Password FieldGHSA-QFF7-Q5FM-8P76Mediumazuracast/azuracast: AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data ExfiltrationGHSA-4FM3-GGG2-C6QXMediumazuracast/azuracast: AzuraCast's Missing RequireInternalConnection on Liquidsoap API Allows Low-Privilege Metadata Injection and Broadcast DisruptionCVE-2026-42606Highazuracast/azuracast: AzuraCast has Password Reset Poisoning via Untrusted X-Forwarded-Host Header that Leads to Account Takeover and 2FA BypassCVE-2026-42605Highazuracast/azuracast: AzuraCast has Path Traversal in `currentDirectory` Parameter that Enables Remote Code Execution via Media UploadGHSA-93FX-5QGC-WR38Highazuracast/azuracast: AzuraCast: RCE via Liquidsoap string interpolation injection in station metadata and playlist URLsCVE-2025-67737Lowazuracast/azuracast: AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCECVE-2023-2531Criticalazuracast/azuracast: AzuraCast missing brute force preventionCVE-2023-2191Lowazuracast/azuracast: AzuraCast/AzuraCast vulnerable to cross-site scripting

Stop the waste.
Protect your environment with Kodem.