VYPR

Go modules package

github.com/usememos/memos

pkg:golang/github.com/usememos/memos

Vulnerabilities (74)

  • CVE-2022-25978MedFeb 15, 2023
    affected < 0.10.4-0.20230211093429-b11d2130a084fixed 0.10.4-0.20230211093429-b11d2130a084

    All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.

  • CVE-2023-0112MedJan 7, 2023
    affected < 0.10.0fixed 0.10.0

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

  • CVE-2023-0111MedJan 7, 2023
    affected < 0.10.0fixed 0.10.0

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

  • CVE-2023-0110MedJan 7, 2023
    affected < 0.10.0fixed 0.10.0

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

  • CVE-2023-0108MedJan 7, 2023
    affected < 0.10.0fixed 0.10.0

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

  • CVE-2023-0107MedJan 7, 2023
    affected < 0.10.0fixed 0.10.0

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

  • CVE-2023-0106MedJan 7, 2023
    affected < 0.10.0fixed 0.10.0

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

  • CVE-2022-4866CriDec 31, 2022
    affected < 0.9.1fixed 0.9.1

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4865CriDec 31, 2022
    affected < 0.9.1fixed 0.9.1

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4863MedDec 30, 2022
    affected < 0.9.1fixed 0.9.1

    Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4851MedDec 29, 2022
    affected < 0.9.1fixed 0.9.1

    Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4850MedDec 29, 2022
    affected <= 0.9.0

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4849MedDec 29, 2022
    affected < 0.9.1fixed 0.9.1

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4848MedDec 29, 2022
    affected < 0.9.1fixed 0.9.1

    Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4847MedDec 29, 2022
    affected < 0.9.1fixed 0.9.1

    Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4846MedDec 29, 2022
    affected <= 0.9.0

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4845MedDec 29, 2022
    affected < 0.9.1fixed 0.9.1

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4844HigDec 29, 2022
    affected <= 0.9.0

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4841MedDec 29, 2022
    affected < 0.9.1fixed 0.9.1

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4840MedDec 29, 2022
    affected < 0.9.1fixed 0.9.1

    Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.