High severity7.5NVD Advisory· Published May 24, 2021· Updated Jun 17, 2026
CVE-2021-33563
CVE-2021-33563
Description
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phanan/koelPackagist | < 5.1.4 | 5.1.4 |
Affected products
2- Koel/Koeldescription
Patches
Vulnerability mechanics
References
5- huntr.dev/bounties/1-other-koel/koel/nvdExploitIssue TrackingThird Party Advisory
- github.com/advisories/GHSA-r37h-j483-cjjmghsaADVISORY
- github.com/koel/koel/releases/tag/v5.1.4nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-33563ghsaADVISORY
- huntr.dev/bounties/1-other-koel/koelghsaWEB
News mentions
0No linked articles in our index yet.