pkg:Go/github.com/gohugoio/hugo

7 total CVEsHIGH2MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • HIGH8.1CVE-2026-44301Hugo's Node tool execution allows file system access outside the project directory
    >= 0.43.0, < 0.161.0
  • HIGH7.7CVE-2020-26284Hugo can execute a binary from the current directory on Windows
    from 0, < 0.79.1
  • MEDIUM6.1CVE-2024-32875Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo
    >= 0.123.0, < 0.125.3
  • MEDIUM6.1CVE-2024-32875Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo
    >= 0.123.0, < 0.125.3
  • MEDIUM5.4CVE-2026-35166Hugo: Certain markdown links are not properly escaped
    >= 0.60.0, < 0.159.2
  • CVE-2024-55601Hugo does not escape some attributes in internal templates in github.com/gohugoio/hugo
    >= 0.123.0, < 0.139.4
  • CVE-2024-55601Hugo does not escape some attributes in internal templates in github.com/gohugoio/hugo
    >= 0.123.0, < 0.139.4