pkg:Go/github.com/pinchtab/pinchtab

13 total CVEsHIGH1MEDIUM10

✅ Check your installed version

All known vulnerabilities

HIGH7.5CVE-2026-30834PinchTab has SSRF with Full Response Exfiltration via Download Handler
from 0, < 0.7.7
MEDIUM6.7CVE-2026-33623PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
from 0, < 0.8.5
MEDIUM6.7CVE-2026-33623PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
from 0, < 0.8.5
MEDIUM5.8CVE-2026-33081PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
from 0, < 0.8.3
MEDIUM5.8CVE-2026-33081PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
from 0, < 0.8.3
MEDIUM4.8CVE-2026-33621PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
>= 0.7.7, < 0.8.5
MEDIUM4.8CVE-2026-33621PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
>= 0.7.7, < 0.8.5
MEDIUM4.3CVE-2026-33620PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
>= 0.7.8, < 0.8.4
MEDIUM4.3CVE-2026-33620PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
>= 0.7.8, < 0.8.4
MEDIUM4.1CVE-2026-33619PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl
from 0, < 0.8.4
MEDIUM4.1CVE-2026-33619PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl
from 0, < 0.8.4
—CVE-2026-33622A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
>= 0.8.3
—CVE-2026-33622A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
>= 0.8.3