Packagist (Composer) package
phanan/koel
pkg:composer/phanan/koel
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-47260 | Hig | 7.7 | < 9.3.5 | 9.3.5 | Jun 12, 2026 | Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode values extracted from the RSS XML are stored directly into t | |
| CVE-2021-33563 | Hig | 7.5 | < 5.1.4 | 5.1.4 | May 24, 2021 | Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier. |
- affected < 9.3.5fixed 9.3.5
Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode values extracted from the RSS XML are stored directly into t
- affected < 5.1.4fixed 5.1.4
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.