Affected by GO-2025-3745 and 2 other vulnerabilities

GO-2025-3745: listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk

GO-2025-3943: listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover in github.com/knadh/listmonk

GO-2026-4277: listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover in github.com/knadh/listmonk

internal/

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/knadh/listmonk

Links

Open Source Insights

Directories ¶

Path	Synopsis
buflog
i18n i18n is a simple package that translates strings using a language map.	i18n is a simple package that translates strings using a language map.
manager
media
providers/filesystem
providers/s3
messenger
email
postback
migrations
subimporter Package subimporter implements a bulk ZIP/CSV importer of subscribers.	Package subimporter implements a bulk ZIP/CSV importer of subscribers.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL