GHSA-xv8g-fj9h-6gmv: Linkdave Missing Authentication on REST and WebSocket endpoints

March 10, 2026

The linkdave HTTP server does not enforce authentication on its REST and WebSocket routes. Because this server may be exposed to the internet, any unauthenticated remote attacker can connect to these endpoints.

References

github.com/advisories/GHSA-xv8g-fj9h-6gmv
github.com/shi-gg/linkdave
github.com/shi-gg/linkdave/commit/0f9a00d9d549b16278db81fce6dfec350c2abc01
github.com/shi-gg/linkdave/security/advisories/GHSA-xv8g-fj9h-6gmv

Code Behaviors & Features

Detect and mitigate GHSA-xv8g-fj9h-6gmv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →