Package impact
Go / github.com/gotenberg/gotenberg/v8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42597 | medium | 5.9 | 5.9 | 21d ago | Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme | |||
| CVE-2026-42593 | medium | 5.3 | 5.3 | 21d ago | Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes | |||
| CVE-2026-42592 | medium | 5.3 | 5.3 | 21d ago | Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes | |||
| CVE-2026-45742 | unknown | — | — | 6d ago | Gotenberg has a Race Condition via Multipart `downloadFrom` Handling | |||
| CVE-2026-45741 | unknown | — | — | 6d ago | Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes | |||
| CVE-2026-44829 | unknown | — | — | 6d ago | Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename |