Coollabs Security Vulnerabilities (CVEs)

Track 25 security vulnerabilities affecting Coollabs products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

7 Critical
13 High
5 Medium
CVE-2025-64422 4.3

Coolify's login endpoint has a rate limit bypass vulnerability that allows attackers to perform unlimited credential stuffing and brute-force attacks ...

Jan 5, 2026
CVE-2025-64423 8.8

In Coolify versions up to v4.0.0-beta.434, low-privileged users (members) can intercept and use administrator invitation links before the intended rec...

Jan 5, 2026
CVE-2025-64424 8.8

A command injection vulnerability in Coolify allows low-privileged users (members) to execute arbitrary system commands as root on the Coolify instanc...

Jan 5, 2026
CVE-2025-64425 8.1

This vulnerability in Coolify allows attackers to hijack password reset emails by manipulating the host header. When victims click malicious reset lin...

Jan 5, 2026
CVE-2025-64419 9.6

This vulnerability allows remote command execution as root on Coolify instances when users create applications from malicious repositories using the d...

Jan 5, 2026
CVE-2025-64420 9.9

This vulnerability allows low-privileged users in Coolify to view the root user's private SSH key, enabling them to authenticate as root on the server...

Jan 5, 2026
CVE-2025-64421 8.0

This vulnerability allows low-privileged users in Coolify to invite themselves as administrators through a race condition exploit. By clicking the inv...

Jan 5, 2026
CVE-2025-59156 8.8

This vulnerability allows low-privileged users in Coolify to inject malicious Docker Compose directives during project creation or updates. By mountin...

Jan 5, 2026
CVE-2025-59157 9.9

CVE-2025-59157 is a command injection vulnerability in Coolify's Git Repository field during project creation. Unauthenticated user input is not prope...

Jan 5, 2026
CVE-2025-59158 8.0

This stored XSS vulnerability in Coolify allows authenticated low-privilege users to inject malicious JavaScript into project names. When administrato...

Jan 5, 2026
CVE-2025-59955 5.7

Coolify versions up to v4.0.0-beta.420.8 have an API vulnerability that allows authenticated team members to access other users' email change verifica...

Jan 5, 2026
CVE-2025-66209 9.9

CVE-2025-66209 is an authenticated command injection vulnerability in Coolify's Database Backup functionality. It allows users with application/servic...

Dec 23, 2025
CVE-2025-66210 8.8

CVE-2025-66210 is an authenticated command injection vulnerability in Coolify's Database Import functionality that allows users with application/servi...

Dec 23, 2025
CVE-2025-66211 8.8

Coolify versions before 4.0.0-beta.451 contain an authenticated command injection vulnerability in PostgreSQL initialization script filename handling....

Dec 23, 2025
CVE-2025-66212 8.8

Coolify versions before 4.0.0-beta.451 contain an authenticated command injection vulnerability in Dynamic Proxy Configuration Filename handling. User...

Dec 23, 2025
CVE-2025-66213 8.8

CVE-2025-66213 is an authenticated command injection vulnerability in Coolify's File Storage Directory Mount Path functionality. It allows users with ...

Dec 23, 2025
CVE-2025-34161 8.8

Coolify versions before v4.0.0-beta.420.7 contain a command injection vulnerability in the Git Repository field during project creation. Authenticated...

Aug 27, 2025
CVE-2025-34157 9.0

Coolify versions before v4.0.0-beta.420.6 contain a stored XSS vulnerability where authenticated users can inject malicious JavaScript into project na...

Aug 27, 2025
CVE-2025-22609 10.0

This vulnerability allows any authenticated user in Coolify to attach existing private SSH keys to their own server configuration. If the attacker's s...

Jan 24, 2025
CVE-2025-22611 9.9

This vulnerability in Coolify allows any authenticated user to escalate privileges to any role, including owner, and remove all other team members. At...

Jan 24, 2025
CVE-2025-24025 6.1

Coolify versions before 4.0.0-beta.380 contain a reflected cross-site scripting (XSS) vulnerability in the tags search functionality. When a search re...

Jan 24, 2025
CVE-2025-22608 6.5

Coolify versions before 4.0.0-beta.361 have an authorization flaw where any authenticated user can revoke any team invitation by guessing predictable ...

Jan 24, 2025
CVE-2025-22606 7.8

Coolify versions before 4.0.0-beta.359 contain a command injection vulnerability in project name handling that allows authenticated attackers to execu...

Jan 24, 2025
CVE-2025-22607 5.5

This vulnerability allows any authenticated user in Coolify to access sensitive GitHub/GitLab configuration details (client ID, client secret, webhook...

Jan 24, 2025
CVE-2025-22605 7.8

This vulnerability allows authenticated users in Coolify to execute arbitrary code on the Coolify container, potentially accessing sensitive data and ...

Jan 24, 2025

Why Monitor Coollabs Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 25+ known vulnerabilities affecting Coollabs products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Coollabs packages in under 60 seconds. No agents required - completely agentless scanning that works across Coollabs deployments.

Free vulnerability database: Access detailed information about every Coollabs CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
