Go to main page
Versions in this module
v0
Dec 15, 2023 GO-2024-3046 +12 more
GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos
GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos
GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos
GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos
GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos
GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos
GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos
GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos
GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos
GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos
GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos
GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos