pkg:Go/github.com/usememos/memos

135 total CVEsCRITICAL6HIGH28MEDIUM93

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2023-4696Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos
    from 0, < 0.13.2
  • CRITICAL9.8CVE-2023-4696Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos
    from 0, < 0.13.2
  • CRITICAL9.8CVE-2022-4686usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos
    from 0, < 0.9.0
  • CRITICAL9.8CVE-2022-4686usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos
    from 0, < 0.9.0
  • CRITICAL9.0CVE-2022-4866usememos/memos vulnerable to Cross-site Scripting
    from 0, < 0.9.1
  • CRITICAL9.0CVE-2022-4865usememos/memos Cross-site Scripting vulnerability
    from 0, < 0.9.1
  • HIGH8.8CVE-2023-5036Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos
    from 0, < 0.15.1
  • HIGH8.8CVE-2023-5036Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos
    from 0, < 0.15.1
  • HIGH8.8CVE-2023-4697usememos/memos vulnerable to privilege escalation in github.com/usememos/memos
    from 0, < 0.13.2
  • HIGH8.8CVE-2023-4697usememos/memos vulnerable to privilege escalation in github.com/usememos/memos
    from 0, < 0.13.2
  • HIGH8.8CVE-2022-4844usememos/memos Cross-Site Request Forgery vulnerability
    from 0, <= 0.9.0
  • HIGH8.8CVE-2022-4809usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH8.8CVE-2022-4808usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH8.8CVE-2022-4809usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH8.8CVE-2022-4808usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH8.8CVE-2022-4803usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH8.8CVE-2022-4803usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH8.8CVE-2022-4689usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos
    from 0, < 0.9.0
  • HIGH8.8CVE-2022-4684usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.0
  • HIGH8.8CVE-2022-4688usememos/memos vulnerable to improper authorization in github.com/usememos/memos
    from 0, < 0.9.0
  • HIGH8.8CVE-2022-4684usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.0
  • HIGH8.8CVE-2022-4688usememos/memos vulnerable to improper authorization in github.com/usememos/memos
    from 0, < 0.9.0
  • HIGH8.8CVE-2022-4689usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos
    from 0, < 0.9.0
  • HIGH8.1CVE-2024-41659memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos
    from 0, < 0.21.0
  • HIGH8.1CVE-2024-41659memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos
    from 0, < 0.21.0
  • HIGH8.1CVE-2022-4796usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH8.1CVE-2022-4796usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH8.1CVE-2022-4687usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos
    from 0, < 0.9.0
  • HIGH8.1CVE-2022-4687usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos
    from 0, < 0.9.0
  • HIGH7.5CVE-2025-65795memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos
    from 0, < 0.25.3
  • HIGH7.5CVE-2025-65795memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos
    from 0, < 0.25.3
  • HIGH7.5CVE-2023-4698usememos/memos vulnerable to improper input validation
    from 0
  • HIGH7.5CVE-2022-4767usememos/memos Denial of Service vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • HIGH7.5CVE-2022-4767usememos/memos Denial of Service vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2025-65797memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos
    from 0, < 0.25.3
  • MEDIUM6.5CVE-2025-65797memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos
    from 0, < 0.25.3
  • MEDIUM6.5CVE-2022-4863usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4863usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4847usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4850usememos/memos Cross-Site Request Forgery vulnerability
    from 0, <= 0.9.0
  • MEDIUM6.5CVE-2022-4849usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4846usememos/memos Cross-Site Request Forgery vulnerability
    from 0, <= 0.9.0
  • MEDIUM6.5CVE-2022-4849usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4847usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4812usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4812usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4800usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4799usememos/memos Improper Authentication vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4799usememos/memos Improper Authentication vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4800usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM6.5CVE-2022-4683usememos/memos missing Secure cookie attribute in github.com/usememos/memos
    from 0, < 0.9.0
  • MEDIUM6.5CVE-2022-4683usememos/memos missing Secure cookie attribute in github.com/usememos/memos
    from 0, < 0.9.0
  • MEDIUM6.3CVE-2026-6634Memos has an Incorrect Privilege Assignment issue
    from 0, <= 0.22.1
  • MEDIUM6.1CVE-2024-29029memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.22.0
  • MEDIUM6.1CVE-2024-29029memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.22.0
  • MEDIUM6.1CVE-2022-25978Cross Site Scripting in usememos/memos
    from 0, < 0.10.4-0.20230211093429-b11d2130a084
  • MEDIUM6.1CVE-2022-25978Cross Site Scripting in usememos/memos
    from 0, < 0.10.4-0.20230211093429-b11d2130a084
  • MEDIUM5.8CVE-2024-29028memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos
    from 0, < 0.16.1
  • MEDIUM5.8CVE-2024-29028memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos
    from 0, < 0.16.1
  • MEDIUM5.8CVE-2024-29030memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos
    from 0, < 0.22.0
  • MEDIUM5.8CVE-2024-29030memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos
    from 0, < 0.22.0
  • MEDIUM5.7CVE-2022-4848usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.7CVE-2022-4848usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.4CVE-2025-65798memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos
    from 0, < 0.25.3
  • MEDIUM5.4CVE-2025-65798memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos
    from 0, < 0.25.3
  • MEDIUM5.4CVE-2025-56761Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos
    from 0
  • MEDIUM5.4CVE-2025-56761Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos
    from 0, <= 0.22.0
  • MEDIUM5.4CVE-2023-0109Stored XSS using two files in usememos/memos in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0109Stored XSS using two files in usememos/memos in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0107usememos/memos vulnerable to stored Cross-site Scripting
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0106usememos/memos vulnerable to stored Cross-site Scripting
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0108usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0110usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0111usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0112usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0108usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0112usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0111usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2023-0110usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.10.0
  • MEDIUM5.4CVE-2022-4839usememos/memos vulnerable to stored Cross-site Scripting
    from 0, < 0.9.1
  • MEDIUM5.4CVE-2022-4840usememos/memos vulnerable to stored Cross-site Scripting
    from 0, < 0.9.1
  • MEDIUM5.4CVE-2022-4841usememos/memos vulnerable to stored Cross-site Scripting
    from 0, < 0.9.1
  • MEDIUM5.4CVE-2022-4811usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.4CVE-2022-4811usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.4CVE-2022-4802usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.4CVE-2022-4802usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.4CVE-2022-4691usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.9.0
  • MEDIUM5.4CVE-2022-4694usememos/memos vulnerable to stored Cross-site Scripting
    from 0, < 0.9.0
  • MEDIUM5.4CVE-2022-4691usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.9.0
  • MEDIUM5.4CVE-2022-4695usememos/memos vulnerable to stored Cross-site Scripting
    from 0, < 0.9.0
  • MEDIUM5.4CVE-2022-4692usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.9.0
  • MEDIUM5.4CVE-2022-4692usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
    from 0, < 0.9.0
  • MEDIUM5.4CVE-2022-4690usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos
    from 0, < 0.9.0
  • MEDIUM5.4CVE-2022-4690usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos
    from 0, < 0.9.0
  • MEDIUM5.4CVE-2022-4609Memos Cross-site Scripting vulnerability
    from 0, <= 0.8.3
  • MEDIUM5.3CVE-2022-4851sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4851sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4806usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4806usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4798usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4801usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4798usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4804usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4804usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM5.3CVE-2022-4801usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2025-65799memos lacks file name validation or verification in github.com/usememos/memos
    from 0, < 0.25.3
  • MEDIUM4.3CVE-2025-65799memos lacks file name validation or verification in github.com/usememos/memos
    from 0, < 0.25.3
  • MEDIUM4.3CVE-2025-65796memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos
    from 0, < 0.25.3
  • MEDIUM4.3CVE-2025-65796memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos
    from 0, < 0.25.3
  • MEDIUM4.3CVE-2025-56760Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
    from 0, <= 0.22.0
  • MEDIUM4.3CVE-2025-56760Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
    from 0
  • MEDIUM4.3CVE-2022-4845usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4845usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4813usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4814usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4813usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4805usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4807usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4807usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4814usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4810usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4805usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4810usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4797usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4797usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4734usememos/memos may leak user information to an authenticated user in github.com/usememos/memos
    from 0, < 0.9.1
  • MEDIUM4.3CVE-2022-4734usememos/memos may leak user information to an authenticated user in github.com/usememos/memos
    from 0, < 0.9.1
  • CVE-2024-21635Memos' Access Tokens Stay Valid after User Password Change
    from 0
  • CVE-2024-21635Memos' Access Tokens Stay Valid after User Password Change
    from 0, < 0.18.2
  • CVE-2025-50738Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos
    from 0, < 0.24.4
  • CVE-2025-50738Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos
    from 0, < 0.24.4
  • CVE-2025-22952Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos
    from 0
  • CVE-2025-22952Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos
    from 0, <= 0.24.0
  • CVE-2022-4685usememos/memos vulnerable to improper access control in github.com/usememos/memos
    from 0, < 0.9.0
  • CVE-2022-4685usememos/memos vulnerable to improper access control in github.com/usememos/memos
    from 0, < 0.9.0