
coolify — Vulnerabilities & Security Advisories (28)

All 28 CVEs recorded for coolify, each with AI-generated Chinese analysis, references, and proof-of-concept code where available.

Vendor: coollabsio

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-64425 | Coolify has host header injection in forgot password | CWE-644 | 8.0 | - | 2026-01-05 |
| CVE-2025-64424 | Coolify has command injection vulnerability in project git source | CWE-77 | 8.8 | - | 2026-01-05 |
| CVE-2025-64423 | Coolify has a Privilege Escalation - low privileged users can see and use admin invitation links | CWE-287 | 8.0 | - | 2026-01-05 |
| CVE-2025-64422 | Rate-limit bypass on login via X-Forwarded-Host header | CWE-770 | 9.8 | - | 2026-01-05 |
| CVE-2025-64421 | Coolify has a privilege escalation - low privileged user can invite themselves as an admin user | CWE-863 | 8.8 | - | 2026-01-05 |
| CVE-2025-64420 | Coolify members can see private key of root user | CWE-522 | 10.0 | Critical | 2026-01-05 |
| CVE-2025-64419 | Coolify vulnerable to command injection via docker-compose.yaml parameters | CWE-77 | 9.7 | Critical | 2026-01-05 |
| CVE-2025-59955 | Coolify leaks sensitive information `email_change_code` in `/api/v1/teams/{team_id \| current}/members` API endpoint | CWE-201 | 7.1 | - | 2026-01-05 |
| CVE-2025-59158 | Coolify has Stored XSS in Project Name | CWE-116 | 5.4 | - | 2026-01-05 |
| CVE-2025-59157 | Coolify has Git Repository RCE | CWE-78 | 10.0 | Critical | 2026-01-05 |
| CVE-2025-59156 | Coolify has Docker Compose Injection issue | CWE-78 | 9.9 | - | 2026-01-05 |
| CVE-2025-66213 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Directory Mount Path | CWE-78 | 9.9 (AI) | Critical (AI) | 2025-12-23 |
| CVE-2025-66212 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename | CWE-78 | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-66211 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename | CWE-78 | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-66210 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import | CWE-78 | 8.8 (AI) | High (AI) | 2025-12-23 |
| CVE-2025-66209 | Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Backup | CWE-78 | 10.0 | Critical | 2025-12-23 |
| CVE-2025-34157 | Coolify Stored Cross-Site Scripting (XSS) in Project Name Field | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-08-27 |
| CVE-2025-34159 | Coolify Docker Compose Directive Injection in Application Deployment Workflow | CWE-94 | 8.8 (AI) | High (AI) | 2025-08-27 |
| CVE-2025-34161 | Coolify Git Repository Field Command Injection in Project Deployment Workflow | CWE-78 | 8.8 (AI) | High (AI) | 2025-08-27 |
| CVE-2025-24025 | Coolify Vulnerable to Reflected XSS on Tag Search | CWE-116 | 5.4 | - | 2025-01-24 |
| CVE-2025-22612 | Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE) | CWE-200 | 10.0 | Critical | 2025-01-24 |
| CVE-2025-22611 | Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE) | CWE-862 | 10.0 | Critical | 2025-01-24 |
| CVE-2025-22610 | Coolify Vulnerable to OAuth Secrets Leak | CWE-862 | 7.1 | - | 2025-01-24 |
| CVE-2025-22609 | Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE) | CWE-862 | 10.0 | Critical | 2025-01-24 |
| CVE-2025-22608 | Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS) | CWE-639 | 6.5 | Medium | 2025-01-24 |
| CVE-2025-22607 | Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak | CWE-200 | 6.5 | - | 2025-01-24 |
| CVE-2025-22606 | Coolify Command Injection Vulnerability in Project Name | CWE-78 | 8.8 | - | 2025-01-24 |
| CVE-2025-22605 | Coolify OS Command Injection Vulnerability in SSH Command Generation | CWE-78 | 9.9 | - | 2025-01-24 |

Legend: "(AI)" marks a CVSS score or severity rating that this site estimated automatically rather than took from the published advisory; "-" means no severity rating is recorded for that entry, even where a CVSS score is shown. Rows are ordered by publication date, newest first.
