VYPR

Go modules package

github.com/knadh/listmonk

pkg:golang/github.com/knadh/listmonk

Vulnerabilities (4)

  • CVE-2026-34828HigApr 2, 2026
    affected >= 1.1.1-0.20241028090858-319053dd7a90, < 1.1.1-0.20260329113754-1b5e8d38c778fixed 1.1.1-0.20260329113754-1b5e8d38c778

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically passwo

  • CVE-2026-21483Jan 2, 2026
    affected >= 1.1.1, < 6.0.0fixed 6.0.0

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or preview

  • CVE-2025-58430Sep 9, 2025
    affected <= 1.1.0

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validated by the backend, removing `nonce` allows

  • CVE-2025-49136Jun 9, 2025
    affected >= 4.0.0, < 5.0.2fixed 5.0.2

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a