Known Vulnerabilities for Gotenberg by Thecodingmachine
Listed below are 10 of the newest known vulnerabilities associated with "Gotenberg" by "Thecodingmachine".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40281 json | Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint valida... | Not Provided | 2026-05-06 | 2026-05-07 |
| CVE-2026-40280 json | Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-39383 json | Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can fo... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-35458 json | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-su... | Not Provided | 2026-04-07 | 2026-04-09 |
| CVE-2026-27018 json | Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be by... | Not Provided | 2026-03-30 | 2026-03-31 |
| CVE-2021-23345 json | All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /c... | 5.3 - MEDIUM | 2021-02-26 | 2021-03-09 |
| CVE-2020-14161 json | It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/htm... | 6.1 - MEDIUM | 2021-08-26 | 2021-09-07 |
| CVE-2020-14160 json | An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attack... | 7.5 - HIGH | 2021-08-26 | 2021-09-01 |
| CVE-2020-13452 json | In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overw... | 9.8 - CRITICAL | 2021-01-07 | 2021-01-08 |
| CVE-2020-13451 json | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite... | 9.8 - CRITICAL | 2021-01-07 | 2021-01-08 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Thecodingmachine | Gotenberg | 6.4.0 | |||
| Application | Thecodingmachine | Gotenberg | 6.3.1 | |||
| Application | Thecodingmachine | Gotenberg | 6.3.0 | |||
| Application | Thecodingmachine | Gotenberg | 6.2.1 | |||
| Application | Thecodingmachine | Gotenberg | 6.2.0 | |||
| Application | Thecodingmachine | Gotenberg | 6.1.2 | |||
| Application | Thecodingmachine | Gotenberg | 6.1.1 | |||
| Application | Thecodingmachine | Gotenberg | 6.1.0 | |||
| Application | Thecodingmachine | Gotenberg | 6.0.4 | |||
| Application | Thecodingmachine | Gotenberg | 6.0.3 | |||
| Application | Thecodingmachine | Gotenberg | 6.0.2 | |||
| Application | Thecodingmachine | Gotenberg | 6.0.1 | |||
| Application | Thecodingmachine | Gotenberg | 6.0.0 | |||
| Application | Thecodingmachine | Gotenberg | 5.1.0 | |||
| Application | Thecodingmachine | Gotenberg | 5.0.2 | |||
| Application | Thecodingmachine | Gotenberg | 5.0.1 | |||
| Application | Thecodingmachine | Gotenberg | 5.0.0 | |||
| Application | Thecodingmachine | Gotenberg | 4.4.0 | |||
| Application | Thecodingmachine | Gotenberg | 4.3.0 | |||
| Application | Thecodingmachine | Gotenberg | 4.2.1 |