phanan/koel vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-54494Mediumphanan/koel: Koel: Full-read SSRF via podcast enclosure URL: isPublicHost() filter_var guard does not reject NAT64 (64:ff9b::/96) or 6to4 (2002::/16)…CVE-2026-50552Mediumphanan/koel: Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bailCVE-2026-54491Highphanan/koel: Koel: Incomplete fix for CVE-2026-47260 — systemic SSRF in podcast & radio fetch pathsGHSA-8Q6Q-M837-FV64Mediumphanan/koel: Koel has SSRF through Authenticated Subsonic podcast feed URLsCVE-2026-54493Highphanan/koel: Koel: Authenticated Full-Read SSRF via Subsonic Internet Radio StationsCVE-2026-54492Mediumphanan/koel: Koel: Authenticated Blind SSRF via Subsonic Podcast Channel CreationCVE-2026-47260Highphanan/koel: Koel Vulnerable to SSRF via Podcast Episode Enclosure URLsCVE-2021-33563Highphanan/koel: Improper rate limiting in Koel

Stop the waste.
Protect your environment with Kodem.