CVE-2024-29029

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current s...

CVE-2023-0107

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2022-4850

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4810

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4846

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-25978

All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.

CVE-2022-4845

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4683

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.