VYPR

Coolify

by Coollabsio

Source repositories

CVEs (29)

  • CVE-2025-24025Jan 24, 2025
    risk 0.00cvss epss 0.00

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads…

  • CVE-2025-22612Jan 24, 2025
    risk 0.00cvss epss 0.01

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server…

  • CVE-2025-22611Jan 24, 2025
    risk 0.00cvss epss 0.00

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, including the owner…

  • CVE-2025-22610Jan 24, 2025
    risk 0.00cvss epss 0.00

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and…

  • CVE-2025-22609Jan 24, 2025
    risk 0.00cvss epss 0.01

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server…

  • CVE-2025-22608Jan 24, 2025
    risk 0.00cvss epss 0.00

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and…

  • CVE-2025-22607Jan 24, 2025
    risk 0.00cvss epss 0.00

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by…

  • CVE-2025-22606Jan 24, 2025
    risk 0.00cvss epss 0.00

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it is possible to inject arbitrary shell commands by altering the project name. If…

  • CVE-2025-22605Jan 24, 2025
    risk 0.00cvss epss 0.01

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary…

Page 2 of 2