Known Vulnerabilities for products from Thecodingmachine
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Thecodingmachine".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42597 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromi... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-42596 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downlo... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-42595 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-42594 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that ho... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-42593 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/c... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-42592 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks t... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-42591 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libre... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-42590 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenber... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-42589 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-40893 json | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileN... | Not Provided | 2026-05-14 | 2026-05-18 |
| CVE-2026-40281 json | Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint valida... | Not Provided | 2026-05-06 | 2026-05-11 |
| CVE-2026-40280 json | Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the... | Not Provided | 2026-05-05 | 2026-05-08 |
| CVE-2026-39383 json | Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can fo... | Not Provided | 2026-05-05 | 2026-05-08 |
| CVE-2026-35458 json | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-su... | Not Provided | 2026-04-07 | 2026-04-14 |
| CVE-2026-27018 json | Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be by... | Not Provided | 2026-03-30 | 2026-04-29 |
| CVE-2021-23345 json | All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /c... | 5.3 - MEDIUM | 2021-02-26 | 2021-03-09 |
| CVE-2020-14161 json | It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/htm... | 6.1 - MEDIUM | 2021-08-26 | 2021-09-07 |
| CVE-2020-14160 json | An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attack... | 7.5 - HIGH | 2021-08-26 | 2021-09-01 |
| CVE-2020-13452 json | In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overw... | 9.8 - CRITICAL | 2021-01-07 | 2021-01-08 |
| CVE-2020-13451 json | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite... | 9.8 - CRITICAL | 2021-01-07 | 2021-01-08 |
Known software with vulnerabilities from Thecodingmachine
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Thecodingmachine | Gotenberg | 3.0.0 |