GO-2023-2036
and 16 other vulnerabilities
GO-2023-2036 : usememos/memos vulnerable to privilege escalation in github.com/usememos/memos
GO-2023-2038 : Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos
GO-2023-2065 : Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos
GO-2024-3046 : memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos
GO-2024-3047 : memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos
GO-2024-3049 : memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos
GO-2024-3088 : memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos
GO-2025-3492 : Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos
GO-2025-3831 : Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos
GO-2025-3936 : Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
GO-2025-3937 : Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos
GO-2025-4127 : Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos
GO-2025-4215 : memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos
GO-2025-4216 : memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos
GO-2025-4217 : memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos
GO-2025-4218 : memos lacks file name validation or verification in github.com/usememos/memos
GO-2025-4220 : memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos
Discover Packages
github.com/usememos/memos
common
package
Version:
v0.13.1
Opens a new window with list of versions in this module.
Published: May 27, 2023
License: MIT
Opens a new window with license information.
Imports: 6
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
¶
ErrorMessage unwraps an application error and returns its message.
Non-application errors always return "Internal error".
HasPrefixes returns true if the string s has any of the given prefixes.
RandomString returns a random string with length n.
ValidateEmail validates the email.
Code is the error code.
ErrorCode unwraps an application error and returns its code.
Non-application errors always return EINTERNAL.
Error represents an application-specific error. Application errors can be
unwrapped by the caller to extract out the code & message.
Any non-application error (such as a disk error) should be reported as an
Internal error and the human user should only see "Internal error" as the
message. These low-level internal error details should only be logged and
reported to the operator of the application (not the end user).
Errorf is a helper function to return an Error with a given code and error.
Error implements the error interface. Not used by the application otherwise.
¶
¶
Package log implements a simple logging package.
Package log implements a simple logging package.
Click to show internal directories.
Click to hide internal directories.
Affected by 
Documentation
¶
Source Files
Directories