6 matches found

OSV
added 2026/03/26 8:33 p.m. | 1 view

GO-2026-4824 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution in github.com/pinchtab/pinchtab

CVSS 8.8 | AI score 5.9 | EPSS 0.00512
Exploits: 1 | References: 1

OSV
added 2026/03/26 8:33 p.m. | 4 views

GO-2026-4823 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution in github.com/pinchtab/pinchtab

CVSS 7.2 | AI score 5.9 | EPSS 0.02904
Exploits: 1 | References: 2

Snyk
added 2026/03/24 7:33 p.m. | 2 views

Use of GET Request Method With Sensitive Query Strings

Overview: Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the token URL query parameter, which is accepted by the authentication process. An attacker can obtain sensitive API credentials by accessing logs, browser history, clipboard...

CVSS 5.3 | AI score 5.9 | EPSS 0.00273
Exploits: 1 | References: 2

Snyk
added 2026/03/23 6:14 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /download URL validation process. An attacker can access internal resources or trigger unintended network requests by crafting a browser-side redirect that bypasses validation. Remediation: Upgrad...

CVSS 6.9 | AI score 5.9 | EPSS 0.00289
Exploits: 1 | References: 3

OSV
added 2026/03/10 6:28 p.m. | 3 views

GO-2026-4631 PinchTab has SSRF with Full Response Exfiltration via Download Handler in github.com/pinchtab/pinchtab

CVSS 7.5 | AI score 5.8 | EPSS 0.00423
Exploits: 1 | References: 1

Snyk
added 2026/03/07 6:45 p.m. | 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the download endpoint. An attacker can access internal network resources and retrieve sensitive information by sending crafted requests to arbitrary URLs, resulting in the exfiltration of full respon...

CVSS 9.3 | AI score 5.9 | EPSS 0.00423
Exploits: 1 | References: 2