VYPR

Go modules package

github.com/xyproto/algernon

pkg:golang/github.com/xyproto/algernon

Vulnerabilities (3)

  • CVE-2026-48126HigMay 26, 2026
    affected < 1.17.8fixed 1.17.8

    Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory by joining the configured --dir with the v

  • CVE-2025-65754Dec 10, 2025
    affected < 1.17.5fixed 1.17.5

    Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename.

  • CVE-2023-26131MedMay 31, 2023
    affected <= 1.15.2

    All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vul