github.com/usememos/memos vulnerabilities
74 known vulnerabilities affecting github.com/usememos/memos.
Total CVEs: 74
CISA KEV: 0
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 4, HIGH 15, MEDIUM 54, LOW 1
Vulnerabilities
Page 2 of 4
CVE-2023-5036 | P3 | HIGH | ≥ 0, < 0.15.1 | 2023-09-18
CVE-2023-5036 [HIGH] CWE-352 Cross-Site Request Forgery (CSRF) in usememos/memos
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
Sources: GHSA, OSV
CVE-2022-4844 | P3 | HIGH | ≥ 0, ≤ 0.9.0 | 2022-12-29
CVE-2022-4844 [HIGH] CWE-352 usememos/memos Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Sources: GHSA, OSV
CVE-2022-4866 | P4 | CRITICAL | ≥ 0, < 0.9.1 | 2022-12-31
CVE-2022-4866 [CRITICAL] CWE-79 usememos/memos vulnerable to Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Sources: GHSA, OSV
CVE-2022-4865 | P4 | CRITICAL | ≥ 0, < 0.9.1 | 2022-12-31
CVE-2022-4865 [CRITICAL] CWE-79 usememos/memos Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Sources: GHSA, OSV
CVE-2022-4812 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4812 [MEDIUM] CWE-595 usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos 0.9.0 and prior.
Sources: GHSA, OSV
CVE-2025-65797 | P4 | MEDIUM | ≥ 0, < 0.25.3 | 2025-12-08
CVE-2025-65797 [MEDIUM] CWE-284 memos vulnerability allows arbitrary modification or deletion of registered identity providers
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
Sources: GHSA, OSV
CVE-2022-4799 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4799 [MEDIUM] CWE-287 usememos/memos Improper Authentication vulnerability
usememos/memos 0.9.0 and prior is vulnerable to Improper Authentication.
Sources: GHSA, OSV
CVE-2022-4767 | P4 | HIGH | ≥ 0, < 0.9.1 | 2022-12-27
CVE-2022-4767 [HIGH] CWE-400 usememos/memos Denial of Service vulnerability
Denial of Service in GitHub repository usememos/memos 0.9.0 and prior. A patch is available on the `main` branch at commit number f888c628408501daf639de07b90a72ab443b0f4c.
Sources: GHSA, OSV
CVE-2025-65798 | P4 | MEDIUM | ≥ 0, < 0.25.3 | 2025-12-08
CVE-2025-65798 [MEDIUM] CWE-284 memos vulnerability allows arbitrary modification or deletion of attachments
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.
Sources: GHSA, OSV
CVE-2022-4863 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-30
CVE-2022-4863 [MEDIUM] CWE-280 usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
Sources: GHSA, OSV
CVE-2022-4683 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-23
CVE-2022-4683 [MEDIUM] CWE-311 usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking.
Sources: GHSA, OSV
CVE-2025-56760 | P4 | MEDIUM | ≥ 0, ≤ 0.22.0 | 2025-09-04
CVE-2025-56760 [MEDIUM] CWE-24 Memos Vulnerable to Path Traversal via the CreateResource Endpoint
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.
Sources: GHSA, OSV
CVE-2022-4811 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4811 [MEDIUM] CWE-285 usememos/memos Improper Authorization vulnerability
In usememos/memos 0.9.0 and prior, an unauthorized user can access any private memo by URL hacking a memo on the editing screen.
Sources: GHSA, OSV
CVE-2022-4849 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4849 [MEDIUM] CWE-352 usememos/memos Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Sources: GHSA, OSV
CVE-2022-4850 | P4 | MEDIUM | ≥ 0, ≤ 0.9.0 | 2022-12-29
CVE-2022-4850 [MEDIUM] CWE-352 usememos/memos Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Sources: GHSA, OSV
CVE-2025-56761 | P4 | MEDIUM | ≥ 0, ≤ 0.22.0 | 2025-09-04
CVE-2025-56761 [MEDIUM] CWE-79 Memos Vulnerable to Stored Cross-Site Scripting
Memos 0.22 is vulnerable to stored cross-site scripting (XSS) via the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serves it back as is. An authenticated attacker can use this to elevate their privileges when the stored XSS is viewed by an admin.
Sources: GHSA, OSV
CVE-2022-4847 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4847 [MEDIUM] CWE-941 usememos/memos has Incorrectly Specified Destination in a Communication Channel
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.
Sources: GHSA, OSV
CVE-2022-4800 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4800 [MEDIUM] CWE-940 usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
usememos/memos 0.9.0 and prior is vulnerable to Improper Verification of Source of a Communication Channel.
Sources: GHSA, OSV
CVE-2022-4802 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4802 [MEDIUM] CWE-285 usememos/memos vulnerable to Improper Authorization
usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization.
Sources: GHSA, OSV
CVE-2022-4846 | P4 | MEDIUM | ≥ 0, ≤ 0.9.0 | 2022-12-29
CVE-2022-4846 [MEDIUM] CWE-352 usememos/memos Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Sources: GHSA, OSV