Github.Com Usememos Memos vulnerabilities
74 known vulnerabilities affecting github.com/usememos_memos.
Total CVEs: 74
CISA KEV: 0
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 4, HIGH 15, MEDIUM 54, LOW 1
Vulnerabilities
Page 3 of 4
CVE-2022-4806 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4806 [MEDIUM] CWE-284 usememos/memos Improper Access Control vulnerability
An Improper Access Control vulnerability in usememos/memos 0.9.0 and prior can result in a user deleting others' public and private memos.
ghsa, osv
CVE-2022-4798 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4798 [MEDIUM] CWE-285 usememos/memos Improper Authorization vulnerability
usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization.
ghsa, osv
CVE-2023-0109 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2024-11-15
CVE-2023-0109 [MEDIUM] CWE-79 Stored XSS using two files in usememos/memos
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from
ghsa, osv
CVE-2022-4801 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4801 [MEDIUM] CWE-1220 usememos/memos has Insufficient Granularity of Access Control
usememos/memos 0.9.0 and prior allows an attacker to archive any user's public or private post.
ghsa, osv
CVE-2023-0106 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0106 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv
CVE-2023-0112 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0112 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv
CVE-2022-4848 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4848 [MEDIUM] CWE-940 usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.
ghsa, osv
CVE-2023-0108 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0108 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv
CVE-2023-0110 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0110 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv
CVE-2023-0111 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0111 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv
CVE-2023-0107 | P4 | MEDIUM | ≥ 0, < 0.10.0 | 2023-01-07
CVE-2023-0107 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
ghsa, osv
CVE-2025-65799 | P4 | MEDIUM | ≥ 0, < 0.25.3 | 2025-12-08
CVE-2025-65799 [MEDIUM] CWE-73 memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
ghsa, osv
CVE-2022-4839 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4839 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos 0.9.0 and prior.
ghsa, osv
CVE-2022-4609 | P4 | MEDIUM | ≥ 0, ≤ 0.8.3 | 2022-12-19
CVE-2022-4609 [MEDIUM] CWE-79 Memos Cross-site Scripting vulnerability
Memos, an open-source, self-hosted memo hub, is vulnerable to stored Cross-site Scripting (XSS) in versions 0.8.3 and prior. A patch is available and anticipated to be part of version 0.9.0.
ghsa, osv
CVE-2022-4691 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-27
CVE-2022-4691 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
ghsa, osv
CVE-2022-4840 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4840 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos 0.9.0 and prior.
ghsa, osv
CVE-2022-4695 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-27
CVE-2022-4695 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
ghsa, osv
CVE-2022-4841 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4841 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
ghsa, osv
CVE-2022-4690 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-23
CVE-2022-4690 [MEDIUM] CWE-79 usememos/memos vulnerable to stored cross-site scripting (XSS)
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 has a feature to upload a file and display it, and by uploading a crafted SVG file, an attacker could perform a stored cross-site scripting attack with the image direct link. This was patched in version 0.9.0.
ghsa, osv
CVE-2022-4804 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4804 [MEDIUM] CWE-285 usememos/memos Improper Authorization vulnerability
usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization.
ghsa, osv