Affected by GO-2025-4228
and 7 other vulnerabilities
GO-2025-4228: Algernon Cross-Site Scripting vulnerability in github.com/xyproto/algernon
GO-2026-5300: Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication in github.com/xyproto/algernon
GO-2026-5385: Algernon: Single-file mode unconditionally enables debug mode in github.com/xyproto/algernon
GO-2026-5401: Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS in github.com/xyproto/algernon
GO-2026-5440: Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: * in github.com/xyproto/algernon
GO-2026-5460: Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir in github.com/xyproto/algernon
GO-2026-5772: Algernon: handler.lua discovery walks parent directories above the server root in github.com/xyproto/algernon
GO-2026-5903: Algernon vulnerable to server-side script source disclosure on Windows via NTFS filename in github.com/xyproto/algernon