Overview · sentriz/gonic · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host
GHSA-4gxv-p5g5-j7w7 published May 25, 2026 by sentriz

High
Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist
GHSA-2fp4-5v5c-4448 published May 25, 2026 by sentriz

High
Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)
GHSA-hmgp-w9jm-vp95 published May 25, 2026 by sentriz

High

Learn more about advisories related to sentriz/gonic in the GitHub Advisory Database