
Github.Com Usememos Memos vulnerabilities

74 known vulnerabilities affecting github.com/usememos_memos.

Total CVEs: 74
CISA KEV: 0
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 4, HIGH 15, MEDIUM 54, LOW 1

Vulnerabilities

Page 3 of 4

CVE-2022-4806 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4806 [MEDIUM] CWE-284 usememos/memos Improper Access Control vulnerability
An Improper Access Control vulnerability in usememos/memos 0.9.0 and prior can result in a user deleting others' public and private memos.
ghsa, osv

CVE-2022-4798 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4798 [MEDIUM] CWE-285 usememos/memos Improper Authorization vulnerability
usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization.
ghsa, osv

CVE-2023-0109 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2024-11-15
CVE-2023-0109 [MEDIUM] CWE-79 Stored XSS using two files in usememos/memos
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from
ghsa, osv

CVE-2022-4801 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4801 [MEDIUM] CWE-1220 usememos/memos has Insufficient Granularity of Access Control
usememos/memos 0.9.0 and prior allows an attacker to archive any user's public or private post.
ghsa, osv

CVE-2023-0106 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0106 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv

CVE-2023-0112 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0112 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv

CVE-2022-4848 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4848 [MEDIUM] CWE-940 usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.
ghsa, osv

CVE-2023-0108 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0108 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv

CVE-2023-0110 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0110 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv

CVE-2023-0111 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0111 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv

CVE-2023-0107 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0107 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv

CVE-2025-65799 | P4 | MEDIUM | ≥ 0, < 0.25.3 | 2025-12-08
CVE-2025-65799 [MEDIUM] CWE-73 memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
ghsa, osv

CVE-2022-4839 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4839 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos 0.9.0 and prior.
ghsa, osv

CVE-2022-4609 | P4 | MEDIUM | ≥ 0, ≤ 0.8.3 | 2022-12-19
CVE-2022-4609 [MEDIUM] CWE-79 Memos Cross-site Scripting vulnerability
Memos, an open-source, self-hosted memo hub, is vulnerable to stored Cross-site Scripting (XSS) in versions 0.8.3 and prior. A patch is available and anticipated to be part of version 0.9.0.
ghsa, osv

CVE-2022-4691 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-27
CVE-2022-4691 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
ghsa, osv

CVE-2022-4840 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4840 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos 0.9.0 and prior.
ghsa, osv

CVE-2022-4695 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-27
CVE-2022-4695 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
ghsa, osv

CVE-2022-4841 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4841 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
ghsa, osv

CVE-2022-4690 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-23
CVE-2022-4690 [MEDIUM] CWE-79 usememos/memos vulnerable to stored cross-site scripting (XSS)
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 has a feature to upload file and display it, and by uploading a crafted SVG file, an attacker could perform a stored cross-site scripting attack with the image direct link. This was patched in version 0.9.0.
ghsa, osv

CVE-2022-4804 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4804 [MEDIUM] CWE-285 usememos/memos Improper Authorization vulnerability
usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization.
ghsa, osv