pkg:Go/github.com/knadh/listmonk

All known vulnerabilities

• CRITICAL9.0CVE-2025-49136listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk
  >= 4.0.0, < 5.0.2
• CRITICAL9.0CVE-2025-49136listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk
  from 0
• HIGH7.1CVE-2026-34828listmonk's active sessions remain valid after password reset and password change
  >= 1.1.1-0.20241028090858-319053dd7a90, < 1.1.1-0.20260329113754-1b5e8d38c778
• —listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover in github.com/knadh/listmonk
  from 0, < 1.1.1-0.20251231125615-74dc5a01cfbb
• —listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover in github.com/knadh/listmonk
  >= 1.1.1, < 6.0.0
• —listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover in github.com/knadh/listmonk
  from 0, <= 1.1.0
• —listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover in github.com/knadh/listmonk
  from 0