I’m syncing Spotify playlists with Lidarr and play my music in Jellyfin or Symfonium.

I’m available for part-time 😁

The first thing that comes to mind is a combination between SBOMs generated for your self-hosted services (trivy, syfy, etc) which are pushed to OWASP Dependency-Track and whenever some vulnebrabilies are detected (note: you’ll get lot of notifications if the application is using a lot of libraries), trigger an event (not sure if node red can help here) which would run a script to disabled the vhost. (just a thought. I haven’t seen an actual solution)