Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

gotenberg — Vulnerabilities & Security Advisories 5

Browse all 5 CVE security advisories affecting gotenberg. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Gotenberg is an API for converting HTML, Markdown, and Office documents to PDF, primarily used for document processing in web applications. Historically, it has been vulnerable to remote code execution (RCE) through template injection, cross-site scripting (XSS) via malicious document content, and privilege escalation through insecure default configurations. The project has addressed multiple CVEs, including RCE flaws in template processing and XSS vulnerabilities in document rendering. While no major public security incidents have been documented, the consistent pattern of template-related RCE vulnerabilities suggests that input validation and sandboxing remain critical areas for secure deployment.

Top products by gotenberg: gotenberg
High2026-05-07
fix(exitool): prevent control characters · gotenberg/gotenberg@405f106 · GitHub
CriticalCVE-2025-62812026-05-07
ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix in v8.30.1) · Advisory · g
High2026-04-08
ReDoS via extraHttpHeaders scope feature · Advisory · gotenberg/gotenberg · GitHub
High2026-04-02
Chromium deny-list bypass via case-insensitive URL scheme (bypass of GHSA-rh2x-ccvw-q7r3) · Advisory · gotenberg/gotenbe

Showing up to 20 recent security advisories. View all →

This page lists every published CVE security advisory associated with gotenberg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.