Vendor
Koel
Products
1
CVEs
2
Across products
2
Status
Private
Products
1- 2 CVEs
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47260 | hig | 0.38 | — | — | May 29, 2026 | ## Summary Koel validates the podcast feed URL via the `SafeUrl` rule (DNS resolution + public IP check), but the individual episode `` values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an… | ||
| CVE-2021-33563 | 0.00 | — | 0.00 | May 24, 2021 | Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier. |
- risk 0.38cvss —epss —
## Summary Koel validates the podcast feed URL via the `SafeUrl` rule (DNS resolution + public IP check), but the individual episode `` values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an…
- CVE-2021-33563May 24, 2021risk 0.00cvss —epss 0.00
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.