Go modules package

github.com/usememos/memos

pkg:golang/github.com/usememos/memos

Vulnerabilities (74)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-25978	—	< 0.10.4-0.20230211093429-b11d2130a084	0.10.4-0.20230211093429-b11d2130a084	Feb 15, 2023	All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVE-2023-0112	—	< 0.10.0	0.10.0	Jan 7, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0111	—	< 0.10.0	0.10.0	Jan 7, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0110	—	< 0.10.0	0.10.0	Jan 7, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0108	—	< 0.10.0	0.10.0	Jan 7, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0107	—	< 0.10.0	0.10.0	Jan 7, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0106	—	< 0.10.0	0.10.0	Jan 7, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2022-4866	—	< 0.9.1	0.9.1	Dec 31, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4865	—	< 0.9.1	0.9.1	Dec 31, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4863	—	< 0.9.1	0.9.1	Dec 30, 2022	Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4851	—	< 0.9.1	0.9.1	Dec 29, 2022	Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4850	—	<= 0.9.0	—	Dec 29, 2022	Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4849	—	< 0.9.1	0.9.1	Dec 29, 2022	Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4848	—	< 0.9.1	0.9.1	Dec 29, 2022	Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4847	—	< 0.9.1	0.9.1	Dec 29, 2022	Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4846	—	<= 0.9.0	—	Dec 29, 2022	Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4845	—	< 0.9.1	0.9.1	Dec 29, 2022	Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4844	—	<= 0.9.0	—	Dec 29, 2022	Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4841	—	< 0.9.1	0.9.1	Dec 29, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4840	—	< 0.9.1	0.9.1	Dec 29, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-25978Feb 15, 2023
affected < 0.10.4-0.20230211093429-b11d2130a084fixed 0.10.4-0.20230211093429-b11d2130a084
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVE-2023-0112Jan 7, 2023
affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0111Jan 7, 2023
affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0110Jan 7, 2023
affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0108Jan 7, 2023
affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0107Jan 7, 2023
affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0106Jan 7, 2023
affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2022-4866Dec 31, 2022
affected < 0.9.1fixed 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4865Dec 31, 2022
affected < 0.9.1fixed 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4863Dec 30, 2022
affected < 0.9.1fixed 0.9.1
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4851Dec 29, 2022
affected < 0.9.1fixed 0.9.1
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4850Dec 29, 2022
affected <= 0.9.0
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4849Dec 29, 2022
affected < 0.9.1fixed 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4848Dec 29, 2022
affected < 0.9.1fixed 0.9.1
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4847Dec 29, 2022
affected < 0.9.1fixed 0.9.1
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4846Dec 29, 2022
affected <= 0.9.0
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4845Dec 29, 2022
affected < 0.9.1fixed 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4844Dec 29, 2022
affected <= 0.9.0
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4841Dec 29, 2022
affected < 0.9.1fixed 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4840Dec 29, 2022
affected < 0.9.1fixed 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

Page 2 of 4