github.com/usememos/memos vulnerabilities
74 known vulnerabilities affecting github.com/usememos/memos.
Total CVEs: 74
CISA KEV: 0
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 4, HIGH 15, MEDIUM 54, LOW 1
Vulnerabilities
Page 4 of 4
CVE-2022-4692 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-23
CVE-2022-4692 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
ghsa, osv
CVE-2022-4694 | P4 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-27
CVE-2022-4694 [MEDIUM] CWE-79 usememos/memos vulnerable to stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
ghsa, osv
CVE-2022-25978 | P4 | MEDIUM | ≥ 0, < 0.10.4-0.20230211093429-b11d2130a084 | 2023-02-15
CVE-2022-25978 [MEDIUM] CWE-79 Cross Site Scripting in usememos/memos
All versions of the package github.com/usememos/memos/server prior to 0.11.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
ghsa, osv
CVE-2022-4851 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4851 [MEDIUM] CWE-229 usememos/memos vulnerable to Improper Handling of Values
In usememos/memos 0.9.0 and prior, an attacker can post malicious content to another user's memos page via POST request.
ghsa, osv
CVE-2025-65796 | P4 | MEDIUM | ≥ 0, < 0.25.3 | 2025-12-08
CVE-2025-65796 [MEDIUM] CWE-284 memos vulnerability allows arbitrary deletion of reactions
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
ghsa, osv
CVE-2022-4807 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4807 [MEDIUM] CWE-284 usememos/memos Improper Access Control vulnerability
In usememos/memos 0.9.0 and prior, users can edit and delete all other users' shortcuts.
ghsa, osv
CVE-2022-4814 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4814 [MEDIUM] CWE-284 usememos/memos Improper Access Control vulnerability
Improper Access Control in GitHub repository usememos/memos 0.9.0 and prior.
ghsa, osv
CVE-2022-4813 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4813 [MEDIUM] CWE-1220 usememos/memos has Insufficient Granularity of Access Control
An Insufficient Granularity of Access Control in usememos/memos prior to 0.9.0 can allow an attacker to delete a memo from the archives.
ghsa, osv
CVE-2022-4810 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4810 [MEDIUM] CWE-284 usememos/memos Improper Access Control vulnerability
In usememos/memos 0.9.0 and prior, a user can view any content from private memos from other users via the API.
ghsa, osv
CVE-2022-4797 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4797 [MEDIUM] CWE-307 usememos/memos vulnerable to Improper Restriction of Excessive Authentication Attempts
In usememos/memos 0.9.0 and prior, an attacker can delete other users' posts via post id, which can be done via brute force.
ghsa, osv
CVE-2022-4805 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-28
CVE-2022-4805 [MEDIUM] CWE-648 usememos/memos Incorrect Use of Privileged APIs vulnerability
In usememos/memos 0.9.0 and prior, a user can archive any private memos, delete any shortcut, and edit any shortcut from other users via API.
ghsa, osv
CVE-2022-4734 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-27
CVE-2022-4734 [MEDIUM] CWE-200 usememos/memos may leak user information to an authenticated user
usememos/memos 0.9.0 and prior has an endpoint that leaks user information like names, email, role, and OpenID to an authenticated user. A patch is available at commit 05b41804e33a34102f1f75bb2d69195dda6a1210 on the `main` branch.
ghsa, osv
CVE-2022-4845 | P4 | MEDIUM | ≥ 0, < 0.9.1 | 2022-12-29
CVE-2022-4845 [MEDIUM] CWE-352 usememos/memos Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
ghsa, osv
CVE-2022-4685 | MEDIUM | ≥ 0, < 0.9.0 | 2022-12-23
CVE-2022-4685 [MEDIUM] CWE-284 usememos/memos vulnerable to improper access control
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
ghsa, osv