
usememos memos

73 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-65799
all versions
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a p
4.3 MEDIUM
CVE-2025-65797
all versions
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to
6.5 MEDIUM
CVE-2025-65795
all versions
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary
7.5 HIGH
CVE-2025-65798
all versions
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete atta
5.4 MEDIUM
CVE-2025-65796
all versions
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made
4.3 MEDIUM
CVE-2024-21635
<= 0.18.1
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user
7.5 HIGH
CVE-2025-56761
all versions
Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. M
5.4 MEDIUM
CVE-2025-56760
all versions
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a
4.3 MEDIUM
CVE-2025-50738
<= 0.24.3
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a
9.8 CRITICAL
CVE-2025-22952
all versions
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, wh
9.8 CRITICAL
CVE-2023-0109
all versions
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an att
5.4 MEDIUM
CVE-2024-41659
< 0.21.0
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arb
8.1 HIGH
CVE-2024-29029
< 0.22.0
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that
6.1 MEDIUM
CVE-2024-29030
>= 0.13.2 and < 0.22.0
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that
5.8 MEDIUM
CVE-2024-29028
>= 0.13.2 and < 0.16.1
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta th
5.8 MEDIUM
CVE-2023-5036
< 0.15.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
8.8 HIGH
CVE-2023-4698
< 0.13.2
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
7.5 HIGH
CVE-2023-4697
< 0.13.2
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
8.8 HIGH
CVE-2023-4696
< 0.13.2
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
9.8 CRITICAL
CVE-2022-25978
all versions
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient chec
5.4 MEDIUM
CVE-2023-0112
< 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
5.4 MEDIUM
CVE-2023-0111
< 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
5.4 MEDIUM
CVE-2023-0110
< 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
5.4 MEDIUM
CVE-2023-0108
< 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
5.4 MEDIUM
CVE-2023-0107
< 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
5.4 MEDIUM
CVE-2023-0106
< 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
5.4 MEDIUM
CVE-2022-4866
< 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
9.0 CRITICAL
CVE-2022-4865
< 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
9.0 CRITICAL
CVE-2022-4863
< 0.9.1
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
6.5 MEDIUM
CVE-2022-4851
< 0.9.1
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
5.3 MEDIUM
CVE-2022-4850
< 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
6.5 MEDIUM
CVE-2022-4849
< 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
6.5 MEDIUM
CVE-2022-4848
< 0.9.1
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
5.7 MEDIUM
CVE-2022-4847
< 0.9.1
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
6.5 MEDIUM
CVE-2022-4846
< 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
6.5 MEDIUM
CVE-2022-4845
< 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
4.3 MEDIUM
CVE-2022-4844
< 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
8.8 HIGH
CVE-2022-4841
< 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
5.4 MEDIUM
CVE-2022-4840
< 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
5.4 MEDIUM
CVE-2022-4839
< 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
5.4 MEDIUM
CVE-2022-4814
< 0.9.1
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
4.3 MEDIUM
CVE-2022-4813
< 0.9.1
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
4.3 MEDIUM
CVE-2022-4812
< 0.9.1
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
6.5 MEDIUM
CVE-2022-4811
< 0.9.1
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos. This issue affects usememos/memos before
8.3 HIGH
CVE-2022-4810
< 0.9.1
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
4.3 MEDIUM
CVE-2022-4809
< 0.9.1
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
8.8 HIGH
CVE-2022-4808
< 0.9.1
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
8.8 HIGH
CVE-2022-4807
< 0.9.1
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
4.3 MEDIUM
CVE-2022-4806
< 0.9.1
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
5.3 MEDIUM
CVE-2022-4805
< 0.9.1
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
4.3 MEDIUM
CVE-2022-4804
< 0.9.1
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.
5.3 MEDIUM
CVE-2022-4803
< 0.9.1
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
8.8 HIGH
CVE-2022-4802
< 0.9.1
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
5.4 MEDIUM
CVE-2022-4801
< 0.9.1
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
5.3 MEDIUM
CVE-2022-4800
< 0.9.1
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
6.5 MEDIUM
CVE-2022-4799
< 0.9.1
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
6.5 MEDIUM
CVE-2022-4798
< 0.9.1
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
5.3 MEDIUM
CVE-2022-4797
< 0.9.1
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.
4.3 MEDIUM
CVE-2022-4796
< 0.9.1
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
8.1 HIGH
CVE-2022-4767
< 0.9.1
Denial of Service in GitHub repository usememos/memos prior to 0.9.1.
7.5 HIGH
CVE-2022-4734
< 0.9.1
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
8.1 HIGH
CVE-2022-4695
< 0.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
5.4 MEDIUM
CVE-2022-4694
< 0.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
5.4 MEDIUM
CVE-2022-4691
< 0.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
5.4 MEDIUM
CVE-2022-4692
< 0.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
5.4 MEDIUM
CVE-2022-4690
< 0.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
5.4 MEDIUM
CVE-2022-4689
< 0.9.0
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
8.8 HIGH
CVE-2022-4688
< 0.9.0
Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.
8.8 HIGH
CVE-2022-4687
< 0.9.0
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
8.1 HIGH
CVE-2022-4686
< 0.9.0
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
9.8 CRITICAL
CVE-2022-4684
< 0.9.0
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
8.8 HIGH
CVE-2022-4683
< 0.9.0
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
6.5 MEDIUM
CVE-2022-4609
< 0.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
5.4 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin