usememos CVE Vulnerabilities & Metrics

Focus on usememos vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About usememos Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with usememos. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total usememos CVEs: 60
Earliest CVE date: 19 Dec 2022, 12:15 UTC
Latest CVE date: 15 Nov 2024, 11:15 UTC

Latest CVE reference: CVE-2023-0109

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -50.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -50.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical usememos CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 60
4.0-6.9 0
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS usememos CVEs

These are the five CVEs with the highest CVSS scores for usememos, sorted by severity first and recency.

All CVEs for usememos

CVE-2023-0109 usememos vulnerability CVSS: 0 15 Nov 2024, 11:15 UTC

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.

CVE-2024-29029 usememos vulnerability CVSS: 0 19 Apr 2024, 16:15 UTC

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.

CVE-2023-5036 usememos vulnerability CVSS: 0 18 Sep 2023, 06:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.

CVE-2023-4698 usememos vulnerability CVSS: 0 01 Sep 2023, 01:15 UTC

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.

CVE-2023-4697 usememos vulnerability CVSS: 0 01 Sep 2023, 01:15 UTC

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.

CVE-2023-4696 usememos vulnerability CVSS: 0 01 Sep 2023, 01:15 UTC

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.

CVE-2022-25978 usememos vulnerability CVSS: 0 15 Feb 2023, 05:15 UTC

All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.

CVE-2023-0112 usememos vulnerability CVSS: 0 07 Jan 2023, 04:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0111 usememos vulnerability CVSS: 0 07 Jan 2023, 04:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0110 usememos vulnerability CVSS: 0 07 Jan 2023, 04:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0108 usememos vulnerability CVSS: 0 07 Jan 2023, 04:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0107 usememos vulnerability CVSS: 0 07 Jan 2023, 04:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0106 usememos vulnerability CVSS: 0 07 Jan 2023, 04:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2022-4866 usememos vulnerability CVSS: 0 31 Dec 2022, 09:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4865 usememos vulnerability CVSS: 0 31 Dec 2022, 09:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4863 usememos vulnerability CVSS: 0 30 Dec 2022, 16:15 UTC

Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4851 usememos vulnerability CVSS: 0 29 Dec 2022, 18:15 UTC

Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4850 usememos vulnerability CVSS: 0 29 Dec 2022, 18:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4849 usememos vulnerability CVSS: 0 29 Dec 2022, 18:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4848 usememos vulnerability CVSS: 0 29 Dec 2022, 18:15 UTC

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4847 usememos vulnerability CVSS: 0 29 Dec 2022, 18:15 UTC

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4846 usememos vulnerability CVSS: 0 29 Dec 2022, 18:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4845 usememos vulnerability CVSS: 0 29 Dec 2022, 18:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4844 usememos vulnerability CVSS: 0 29 Dec 2022, 18:15 UTC

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4841 usememos vulnerability CVSS: 0 29 Dec 2022, 17:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4840 usememos vulnerability CVSS: 0 29 Dec 2022, 17:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4839 usememos vulnerability CVSS: 0 29 Dec 2022, 17:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4814 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4813 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4812 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4811 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.

CVE-2022-4810 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4809 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4808 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4807 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4806 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4805 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4804 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4803 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4802 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4801 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4800 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4799 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4798 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4797 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4796 usememos vulnerability CVSS: 0 28 Dec 2022, 14:15 UTC

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4767 usememos vulnerability CVSS: 0 27 Dec 2022, 15:15 UTC

Denial of Service in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4734 usememos vulnerability CVSS: 0 27 Dec 2022, 15:15 UTC

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4695 usememos vulnerability CVSS: 0 27 Dec 2022, 15:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4694 usememos vulnerability CVSS: 0 27 Dec 2022, 15:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4691 usememos vulnerability CVSS: 0 27 Dec 2022, 15:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4692 usememos vulnerability CVSS: 0 23 Dec 2022, 20:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4690 usememos vulnerability CVSS: 0 23 Dec 2022, 12:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4689 usememos vulnerability CVSS: 0 23 Dec 2022, 12:15 UTC

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4688 usememos vulnerability CVSS: 0 23 Dec 2022, 12:15 UTC

Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4687 usememos vulnerability CVSS: 0 23 Dec 2022, 12:15 UTC

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4686 usememos vulnerability CVSS: 0 23 Dec 2022, 12:15 UTC

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4684 usememos vulnerability CVSS: 0 23 Dec 2022, 12:15 UTC

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4683 usememos vulnerability CVSS: 0 23 Dec 2022, 12:15 UTC

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.

CVE-2022-4609 usememos vulnerability CVSS: 0 19 Dec 2022, 12:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.