api

Feb 24, 2024 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Feb 3, 2024 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jan 28, 2024 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jan 18, 2024 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Dec 15, 2023 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Dec 10, 2023 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Nov 19, 2023 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Oct 29, 2023 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Oct 21, 2023 GO-2024-3046 +12 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Oct 5, 2023 GO-2024-3046 +13 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Sep 23, 2023 GO-2024-3046 +13 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Sep 18, 2023 GO-2024-3046 +13 more

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Sep 16, 2023 GO-2023-2065 +14 more

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Aug 13, 2023 GO-2023-2065 +14 more

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Aug 5, 2023 GO-2023-2065 +14 more

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jul 26, 2023 GO-2023-2065 +14 more

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jul 22, 2023 GO-2023-2065 +14 more

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jul 16, 2023 GO-2023-2065 +14 more

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jul 1, 2023 GO-2023-2065 +14 more

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type MemoResponse

+ DisplayTs int64

type ResourceCreate

+ DownloadToLocal bool

type SystemSettingName

+ const SystemSettingMemoDisplayWithUpdatedTsName

+ const SystemSettingTelegramBotTokenName

type SystemStatus

+ MemoDisplayWithUpdatedTs bool

May 27, 2023 GO-2023-2036 +16 more

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ type CreateMemoRequest struct

+ Content string

+ CreatedTs *int64

+ CreatorID int

+ RelationList []*MemoRelationUpsert

+ ResourceIDList []int

+ Visibility Visibility

+ type FindMemoRequest struct

+ ContentSearch []string

+ CreatorID *int

+ ID *int

+ Limit *int

+ Offset *int

+ Pinned *bool

+ RowStatus *RowStatus

+ VisibilityList []Visibility

+ type MemoResponse struct

+ Content string

+ CreatedTs int64

+ CreatorID int

+ CreatorName string

+ ID int

+ Pinned bool

+ RelationList []*MemoRelation

+ ResourceList []*Resource

+ RowStatus RowStatus

+ UpdatedTs int64

+ Visibility Visibility

+ type PatchMemoRequest struct

+ Content *string

+ CreatedTs *int64

+ ID int

+ RelationList []*MemoRelationUpsert

+ ResourceIDList []int

+ RowStatus *RowStatus

+ UpdatedTs *int64

+ Visibility *Visibility

type SystemSettingName

+ const SystemSettingTelegramRobotTokenName

type UserSettingKey

+ const UserSettingTelegramUserIDKey

May 20, 2023 GO-2023-2036 +16 more

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type Memo

+ RelationList []*MemoRelation

type MemoCreate

+ RelationList []*MemoRelationUpsert

type MemoPatch

+ RelationList []*MemoRelationUpsert

+ type MemoRelation struct

+ MemoID int

+ RelatedMemoID int

+ Type MemoRelationType

+ type MemoRelationType string

+ const MemoRelationAdditional

+ const MemoRelationReference

+ type MemoRelationUpsert struct

+ RelatedMemoID int

+ Type MemoRelationType

type SystemSettingName

+ const SystemSettingMaxUploadSizeMiBName

type SystemStatus

+ MaxUploadSizeMiB int

Apr 16, 2023 GO-2023-2036 +16 more

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Apr 9, 2023 GO-2023-2036 +16 more

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type SystemSettingName

+ const SystemSettingIgnoreUpgradeName

type SystemStatus

+ IgnoreUpgrade bool

Apr 3, 2023 GO-2023-2036 +16 more

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ const DatabaseStorage

+ const LocalStorage

type Resource

+ InternalPath string

+ PublicID string

type ResourceCreate

+ InternalPath string

+ PublicID string

type ResourceFind

+ Limit *int

+ Offset *int

+ PublicID *string

type ResourcePatch

+ PublicID *string

+ ResetPublicID *bool

type StorageS3Config

+ URLSuffix string

type SystemSettingName

+ const SystemSettingLocalStoragePathName

+ const SystemSettingServerIDName

type SystemStatus

+ LocalStoragePath string

Mar 11, 2023 GO-2023-2036 +16 more

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ type OpenAIConfig struct

+ Host string

+ Key string

type SystemSettingName

+ const SystemSettingOpenAIConfigName

Mar 4, 2023 GO-2023-2036 +16 more

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ var SystemSettingDisablePublicMemosValue = []bool

+ var UserSettingResourceVisibilityValue = []Visibility

type Memo

+ CreatorName string

+ type OpenAICompletionRequest struct

+ Prompt string

type Resource

+ Visibility Visibility

type ResourceCreate

+ Visibility Visibility

type ResourcePatch

+ Visibility *Visibility

type StorageS3Config

+ Path string

type SystemSettingName

+ const SystemSettingOpenAIAPIKeyName

type UserSettingKey

+ const UserSettingResourceVisibilityKey

Feb 24, 2023 GO-2023-2036 +16 more

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ const MaxContentLength

+ var SystemSettingDisbalePublicMemosValue = []bool

+ type FieldMapping struct

+ DisplayName string

+ Email string

+ Identifier string

+ type IdentityProvider struct

+ Config *IdentityProviderConfig

+ ID int

+ IdentifierFilter string

+ Name string

+ Type IdentityProviderType

+ type IdentityProviderConfig struct

+ OAuth2Config *IdentityProviderOAuth2Config

+ type IdentityProviderCreate struct

+ Config *IdentityProviderConfig

+ IdentifierFilter string

+ Name string

+ Type IdentityProviderType

+ type IdentityProviderDelete struct

+ ID int

+ type IdentityProviderFind struct

+ ID *int

+ type IdentityProviderOAuth2Config struct

+ AuthURL string

+ ClientID string

+ ClientSecret string

+ FieldMapping *FieldMapping

+ Scopes []string

+ TokenURL string

+ UserInfoURL string

+ type IdentityProviderPatch struct

+ Config *IdentityProviderConfig

+ ID int

+ IdentifierFilter *string

+ Name *string

+ Type IdentityProviderType

+ type IdentityProviderType string

+ const IdentityProviderOAuth2

+ type SSOSignIn struct

+ Code string

+ IdentityProviderID int

+ RedirectURI string

+ type Storage struct

+ Config *StorageConfig

+ ID int

+ Name string

+ Type StorageType

+ type StorageConfig struct

+ S3Config *StorageS3Config

+ type StorageCreate struct

+ Config *StorageConfig

+ Name string

+ Type StorageType

+ type StorageDelete struct

+ ID int

+ type StorageFind struct

+ ID *int

+ type StoragePatch struct

+ Config *StorageConfig

+ ID int

+ Name *string

+ Type StorageType

+ type StorageS3Config struct

+ AccessKey string

+ Bucket string

+ EndPoint string

+ Region string

+ SecretKey string

+ URLPrefix string

+ type StorageType string

+ const StorageS3

type SystemSettingName

+ const SystemSettingDisablePublicMemosName

+ const SystemSettingStorageServiceIDName

type SystemStatus

+ DisablePublicMemos bool

+ StorageServiceID int

type User

+ AvatarURL string

type UserPatch

+ AvatarURL *string

Feb 10, 2023 GO-2023-1566 +17 more

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type ResourceFind

+ GetBlob bool

Jan 21, 2023 GO-2023-1566 +17 more

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type Resource

+ ExternalLink string

type ResourceCreate

+ ExternalLink string

Jan 14, 2023 GO-2023-1566 +17 more

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jan 7, 2023 GO-2023-1566 +17 more

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ const UnknownID

+ type Activity struct

+ CreatedTs int64

+ CreatorID int

+ ID int

+ Level ActivityLevel

+ Payload string

+ Type ActivityType

+ type ActivityCreate struct

+ CreatorID int

+ Level ActivityLevel

+ Payload string

+ Type ActivityType

+ type ActivityLevel string

+ const ActivityError

+ const ActivityInfo

+ const ActivityWarn

+ type ActivityMemoCreatePayload struct

+ Content string

+ Visibility string

+ type ActivityResourceCreatePayload struct

+ Filename string

+ Size int64

+ Type string

+ type ActivityServerStartPayload struct

+ Profile *profile.Profile

+ ServerID string

+ type ActivityShortcutCreatePayload struct

+ Payload string

+ Title string

+ type ActivityTagCreatePayload struct

+ TagName string

+ type ActivityType string

+ const ActivityMemoCreate

+ const ActivityMemoDelete

+ const ActivityMemoUpdate

+ const ActivityResourceCreate

+ const ActivityResourceDelete

+ const ActivityServerStart

+ const ActivityShortcutCreate

+ const ActivityShortcutDelete

+ const ActivityShortcutUpdate

+ const ActivityTagCreate

+ const ActivityTagDelete

+ const ActivityUserAuthSignIn

+ const ActivityUserAuthSignUp

+ const ActivityUserCreate

+ const ActivityUserDelete

+ const ActivityUserSettingUpdate

+ const ActivityUserUpdate

+ type ActivityUserAuthSignInPayload struct

+ IP string

+ UserID int

+ type ActivityUserAuthSignUpPayload struct

+ IP string

+ Username string

+ type ActivityUserCreatePayload struct

+ Role Role

+ UserID int

+ Username string

+ type SignIn struct

+ Password string

+ Username string

+ type SignUp struct

+ Password string

+ Role Role

+ Username string

type SystemSettingName

+ const SystemSettingSecretSessionName

+ const SystemSettingServerID

Dec 31, 2022 GO-2023-1461 +22 more

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type UserPatch

+ func (patch UserPatch) Validate() error

Dec 23, 2022 GO-2022-1219 +49 more

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ type CustomizedProfile struct

+ Appearance string

+ Description string

+ ExternalURL string

+ Locale string

+ LogoURL string

+ Name string

type SystemSettingName

+ const SystemSettingCustomizedProfileName

type SystemStatus

+ CustomizedProfile CustomizedProfile

+ type Tag struct

+ CreatorID int

+ Name string

+ type TagDelete struct

+ CreatorID int

+ Name string

+ type TagFind struct

+ CreatorID int

+ type TagUpsert struct

+ CreatorID int

+ Name string

Dec 16, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Dec 10, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Dec 2, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ var UserSettingAppearanceValue = []string

type UserSettingKey

+ const UserSettingAppearanceKey

type Visibility

+ const Private

Nov 25, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type Role

+ const Admin

type Signin

+ Username string

type Signup

+ Username string

type User

+ Nickname string

+ Username string

type UserCreate

+ Nickname string

+ Username string

type UserFind

+ Nickname *string

+ Username *string

type UserPatch

+ Nickname *string

+ Username *string

Nov 18, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type SystemSettingName

+ const SystemSettingAdditionalScriptName

type SystemStatus

+ AdditionalScript string

+ DBSize int64

Nov 12, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ type MemoOrganizerDelete struct

+ MemoID *int

+ UserID *int

type ShortcutDelete

+ CreatorID *int

type SystemSettingName

+ const SystemSettingAdditionalStyleName

type SystemStatus

+ AdditionalStyle string

+ type UserSettingDelete struct

+ UserID int

Nov 4, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ var SystemSettingAllowSignUpValue = []bool

+ type SystemSetting struct

+ Description string

+ Name SystemSettingName

+ Value string

+ type SystemSettingFind struct

+ Name *SystemSettingName

+ type SystemSettingName string

+ const SystemSettingAllowSignUpName

+ const SystemSettingPlaceholderName

+ func (key SystemSettingName) String() string

+ type SystemSettingUpsert struct

+ Description string

+ Name SystemSettingName

+ Value string

+ func (upsert SystemSettingUpsert) Validate() error

type SystemStatus

+ AllowSignUp bool

Oct 29, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ type ResourcePatch struct

+ Filename *string

+ ID int

+ UpdatedTs *int64

type ShortcutPatch

+ UpdatedTs *int64

type UserPatch

+ UpdatedTs *int64

Oct 21, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ var UserSettingMemoDisplayTsOptionKeyValue = []string

type Memo

+ DisplayTs int64

type MemoPatch

+ ResourceIDList []int

+ UpdatedTs *int64

type UserSettingKey

+ const UserSettingMemoDisplayTsOptionKey

Oct 14, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Oct 3, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type Memo

+ ResourceList []*Resource

type MemoCreate

+ ResourceIDList []int

+ type MemoResource struct

+ CreatedTs int64

+ MemoID int

+ ResourceID int

+ UpdatedTs int64

+ type MemoResourceDelete struct

+ MemoID int

+ ResourceID *int

+ type MemoResourceFind struct

+ MemoID *int

+ ResourceID *int

+ type MemoResourceUpsert struct

+ MemoID int

+ ResourceID int

+ UpdatedTs *int64

type Resource

+ LinkedMemoAmount int

type ResourceFind

+ MemoID *int

Sep 24, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ var UserSettingMobileEditorStyleValue = []string

type UserSettingKey

+ const UserSettingMobileEditorStyleKey

Sep 16, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Sep 9, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type Memo

+ Creator *User

Sep 2, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Aug 27, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ var UserSettingEditorFontStyleValue = []string

+ var UserSettingLocaleValue = []string

+ var UserSettingMemoVisibilityValue = []Visibility

type MemoPatch

+ CreatedTs *int64

type UserCreate

+ func (create UserCreate) Validate() error

type UserSettingKey

+ const UserSettingEditorFontStyleKey

type UserSettingUpsert

+ func (upsert UserSettingUpsert) Validate() error

Aug 20, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ type CacheNamespace string

+ const MemoCache

+ const ResourceCache

+ const ShortcutCache

+ const UserCache

+ type CacheService interface

+ DeleteCache func(namespace CacheNamespace, id int)

+ FindCache func(namespace CacheNamespace, id int, entry interface{}) (bool, error)

+ UpsertCache func(namespace CacheNamespace, id int, entry interface{}) error

type User

+ UserSettingList []*UserSetting

+ type UserSetting struct

+ Key UserSettingKey

+ UserID int

+ Value string

+ type UserSettingFind struct

+ Key *UserSettingKey

+ UserID int

+ type UserSettingKey string

+ const UserSettingLocaleKey

+ const UserSettingMemoVisibilityKey

+ func (key UserSettingKey) String() string

+ type UserSettingUpsert struct

+ Key UserSettingKey

+ UserID int

+ Value string

Aug 6, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type ResourceDelete

+ CreatorID int

Jul 29, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ var UNKNOWN_ID = 0

type MemoFind

+ VisibilityList []Visibility

+ type UserDelete struct

+ ID int

type Visibility

+ const Protected

Jul 22, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jul 15, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Jul 9, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

type Memo

+ Visibility Visibility

type MemoCreate

+ Visibility Visibility

type MemoFind

+ Visibility *Visibility

type MemoPatch

+ Visibility *Visibility

type Role

+ const Host

+ type Signin struct

+ Email string

+ Password string

type SystemStatus

+ Host *User

+ type Visibility string

+ const Privite

+ const Public

+ func (e Visibility) String() string

Jul 1, 2022 GO-2022-1189 +59 more

  GO-2022-1189: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos

  GO-2022-1190: usememos/memos vulnerable to improper authorization in github.com/usememos/memos

  GO-2022-1191: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos

  GO-2022-1192: usememos/memos missing Secure cookie attribute in github.com/usememos/memos

  GO-2022-1205: usememos/memos vulnerable to improper access control in github.com/usememos/memos

  GO-2022-1215: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos

  GO-2022-1216: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1217: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1218: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1219: usememos/memos Denial of Service vulnerability in github.com/usememos/memos

  GO-2022-1220: usememos/memos may leak user information to an authenticated user in github.com/usememos/memos

  GO-2022-1225: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2022-1235: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1236: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

  GO-2022-1239: usememos/memos Improper Authentication vulnerability in github.com/usememos/memos

  GO-2022-1240: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2022-1243: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1244: usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos

  GO-2022-1245: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1248: usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

  GO-2022-1250: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1251: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1252: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1253: usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos

  GO-2022-1256: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1257: usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos

  GO-2022-1259: usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

  GO-2022-1260: usememos/memos vulnerable to Comparison of Object References Instead of Object Contents in github.com/usememos/memos

  GO-2022-1261: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1263: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2022-1264: usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos

  GO-2022-1266: usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

  GO-2023-1270: usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges in github.com/usememos/memos

  GO-2023-1285: sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos

  GO-2023-1291: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

  GO-2023-1292: usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

  GO-2023-1449: usememos/memos Improper Privilege Management vulnerability in github.com/usememos/memos

  GO-2023-1461: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1462: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1465: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1469: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos

  GO-2023-1566: Cross site scripting in github.com/usememos/memos

  GO-2023-2036: usememos/memos vulnerable to privilege escalation in github.com/usememos/memos

  GO-2023-2038: Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos

  GO-2023-2065: Cross-Site Request Forgery (CSRF) in usememos/memos in github.com/usememos/memos

  GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

  GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos

  GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

  GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

  GO-2024-3274: Stored XSS using two files in usememos/memos in github.com/usememos/memos

  GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

  GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

  GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

  GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

  GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

  GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

  GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

  GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

  GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

  GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

Changes in this version

+ type Login struct

+ Email string

+ Password string

+ type Memo struct

+ Content string

+ CreatedTs int64

+ CreatorID int

+ ID int

+ Pinned bool

+ RowStatus RowStatus

+ UpdatedTs int64

+ type MemoCreate struct

+ Content string

+ CreatedTs *int64

+ CreatorID int

+ type MemoDelete struct

+ ID int

+ type MemoFind struct

+ ContentSearch *string

+ CreatorID *int

+ ID *int

+ Limit int

+ Offset int

+ Pinned *bool

+ RowStatus *RowStatus

+ type MemoOrganizer struct

+ ID int

+ MemoID int

+ Pinned bool

+ UserID int

+ type MemoOrganizerFind struct

+ MemoID int

+ UserID int

+ type MemoOrganizerUpsert struct

+ MemoID int

+ Pinned bool

+ UserID int

+ type MemoPatch struct

+ Content *string

+ ID int

+ RowStatus *RowStatus

+ type Resource struct

+ Blob []byte

+ CreatedTs int64

+ CreatorID int

+ Filename string

+ ID int

+ Size int64

+ Type string

+ UpdatedTs int64

+ type ResourceCreate struct

+ Blob []byte

+ CreatorID int

+ Filename string

+ Size int64

+ Type string

+ type ResourceDelete struct

+ ID int

+ type ResourceFind struct

+ CreatorID *int

+ Filename *string

+ ID *int

+ type Role string

+ const NormalUser

+ const Owner

+ func (e Role) String() string

+ type RowStatus string

+ const Archived

+ const Normal

+ func (e RowStatus) String() string

+ type Shortcut struct

+ CreatedTs int64

+ CreatorID int

+ ID int

+ Payload string

+ RowStatus RowStatus

+ Title string

+ UpdatedTs int64

+ type ShortcutCreate struct

+ CreatorID int

+ Payload string

+ Title string

+ type ShortcutDelete struct

+ ID int

+ type ShortcutFind struct

+ CreatorID *int

+ ID *int

+ Title *string

+ type ShortcutPatch struct

+ ID int

+ Payload *string

+ RowStatus *RowStatus

+ Title *string

+ type Signup struct

+ Email string

+ Name string

+ Password string

+ Role Role

+ type SystemStatus struct

+ Owner *User

+ Profile *profile.Profile

+ type User struct

+ CreatedTs int64

+ Email string

+ ID int

+ Name string

+ OpenID string

+ PasswordHash string

+ Role Role

+ RowStatus RowStatus

+ UpdatedTs int64

+ type UserCreate struct

+ Email string

+ Name string

+ OpenID string

+ Password string

+ PasswordHash string

+ Role Role

+ type UserFind struct

+ Email *string

+ ID *int

+ Name *string

+ OpenID *string

+ Role *Role

+ RowStatus *RowStatus

+ type UserPatch struct

+ Email *string

+ ID int

+ Name *string

+ OpenID *string

+ Password *string

+ PasswordHash *string

+ ResetOpenID *bool

+ RowStatus *RowStatus