pkg:Go/go.senan.xyz/gonic
3 total CVEsHIGH3
✅ Check your installed version
All known vulnerabilities
HIGH8.1CVE-2026-49340gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host from 0, < 0.21.0
HIGH7.1CVE-2026-49338Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR) from 0, < 0.21.0
HIGH7.1CVE-2026-49339gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists from 0, < 0.21.0