github.com/usememos/memos/server vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the github.com/usememos/memos/server package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	<0.10.0
H Overly Permissive CORS	<0.22.0
H Improper Privilege Management	<0.13.2
C Access Restriction Bypass	<0.13.2
H Improper Input Validation	<0.13.2
M Cross-site Scripting (XSS)	<0.11.0
M Cross-site Scripting (XSS)	<0.10.0
M Cross-site Scripting (XSS)	<0.10.0
M Cross-site Scripting (XSS)	<0.10.0
H Cross-site Scripting (XSS)	<0.10.0
L Denial of Service (DoS)	<0.9.1
H Incorrectly Specified Destination in a Communication Channel	<0.9.1
C Improper Handling of Values	<0.9.1
M Cross-site Request Forgery (CSRF)	<0.9.1
M Cross-site Request Forgery (CSRF)	<0.9.1
M Cross-site Request Forgery (CSRF)	<0.9.1
M Cross-site Request Forgery (CSRF)	<0.9.1
H Cross-site Request Forgery (CSRF)	<0.9.1
H Improper Verification of Source of a Communication Channel	<0.9.1
M Improper Authentication	<0.9.1
M Improper Authentication	<0.9.1
M Access Restriction Bypass	<0.9.1
M Authorization Bypass	<0.9.1
M Access Restriction Bypass	<0.9.1
H Improper Verification of Source of a Communication Channel	<0.9.1
H Access Control Bypass	<0.9.1
H Comparison of Object References Instead of Object Contents	<0.9.1
H Insufficient Granularity of Access Control	<0.9.1
H Improper Authorization	<0.9.1
H Improper Authorization	<0.9.1
H Incorrect Use of Privileged APIs	<0.9.1
H Access Control Bypass	<0.9.1
M Improper Privilege Management	<0.9.1
H Access Control Bypass	<0.9.1
M Cross-site Scripting (XSS)	<0.9.0
M Improper Authentication	<0.9.1
M Information Exposure	<0.9.1
H Denial of Service (DoS)	<0.9.1
M Cross-site Scripting (XSS)	<0.9.0
M Sensitive Cookie in HTTPS Session Without "Secure" Attribute	<0.9.0
H Cross-site Scripting (XSS)	<0.9.0
M Cross-site Scripting (XSS)	<0.9.0

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

<0.10.0

Overly Permissive CORS

<0.22.0

Improper Privilege Management

<0.13.2

Access Restriction Bypass

<0.13.2

Improper Input Validation

<0.13.2