github.com/gotenberg/gotenberg/v8 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-55229Highgithub.com/gotenberg/gotenberg/v8: Gotenberg: SSRF via LibreOffice document processingCVE-2026-45742Highgithub.com/gotenberg/gotenberg/v8: Gotenberg has a Race Condition via Multipart `downloadFrom` HandlingCVE-2026-45741Highgithub.com/gotenberg/gotenberg/v8: Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixesCVE-2026-44829Highgithub.com/gotenberg/gotenberg/v8: Gotenberg has path traversal in zip entry name via Windows-style separators in upload filenameCVE-2026-42595Highgithub.com/gotenberg/gotenberg/v8: Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List…CVE-2026-42597Mediumgithub.com/gotenberg/gotenberg/v8: Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file://…CVE-2026-42596Criticalgithub.com/gotenberg/gotenberg/v8: Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and…CVE-2026-42594Highgithub.com/gotenberg/gotenberg/v8: Gotenberg has an unauthenticated denial of service via echo.Context pool reuse in webhook async…CVE-2026-42593Mediumgithub.com/gotenberg/gotenberg/v8: Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and…CVE-2026-42592Mediumgithub.com/gotenberg/gotenberg/v8: Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routesCVE-2026-42591Highgithub.com/gotenberg/gotenberg/v8: Gotenberg has a Server-Side Request Forgery (SSRF) IssueCVE-2026-42590Highgithub.com/gotenberg/gotenberg/v8: Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklistCVE-2026-42589Criticalgithub.com/gotenberg/gotenberg/v8: Gotenberg has Unauthenticated RCE via ExifTool Metadata Key InjectionCVE-2026-40893Highgithub.com/gotenberg/gotenberg/v8: Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows…CVE-2026-40281Criticalgithub.com/gotenberg/gotenberg/v8: Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key…CVE-2026-39383Mediumgithub.com/gotenberg/gotenberg/v8: Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URLCVE-2026-40280Highgithub.com/gotenberg/gotenberg/v8: Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF…GHSA-QMWH-9M9C-H36MHighgithub.com/gotenberg/gotenberg/v8: Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing…CVE-2026-35458Highgithub.com/gotenberg/gotenberg/v8: Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope featureCVE-2026-27018Highgithub.com/gotenberg/gotenberg/v8: Gotenberg has Chromium deny-list bypass via case-insensitive URL scheme (bypass of…

Stop the waste.
Protect your environment with Kodem.