VulnerableCode Package Details - pkg:golang/github.com/usememos/memos@0.25.3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2z9w-axh8-ebh5	A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.	CVE-2025-65799 GHSA-qgjp-5g5x-vhq2
VCID-7p17-3vrq-pfch	Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.	CVE-2025-65795 GHSA-mg56-wc4q-rw4w
VCID-f72w-an2k-eudy	Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.	CVE-2025-65796 GHSA-8jcj-g9f4-qx42
VCID-jws9-cb9x-7bd7	Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.	CVE-2025-65798 GHSA-8p44-g572-557h
VCID-u661-g7wy-h3dv	Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).	CVE-2025-65797 GHSA-99m2-qwx6-2w6f

Vulnerability

Summary

Aliases

VCID-2z9w-axh8-ebh5

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

CVE-2025-65799
GHSA-qgjp-5g5x-vhq2

VCID-7p17-3vrq-pfch

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

CVE-2025-65795
GHSA-mg56-wc4q-rw4w

VCID-f72w-an2k-eudy

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

CVE-2025-65796
GHSA-8jcj-g9f4-qx42

VCID-jws9-cb9x-7bd7

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

CVE-2025-65798
GHSA-8p44-g572-557h

VCID-u661-g7wy-h3dv

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

CVE-2025-65797
GHSA-99m2-qwx6-2w6f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T07:53:27.155784+00:00	GithubOSV Importer	Fixing	VCID-2z9w-axh8-ebh5	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-qgjp-5g5x-vhq2/GHSA-qgjp-5g5x-vhq2.json	38.6.0
2026-06-12T07:53:26.055503+00:00	GithubOSV Importer	Fixing	VCID-jws9-cb9x-7bd7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-8p44-g572-557h/GHSA-8p44-g572-557h.json	38.6.0
2026-06-12T07:53:21.949676+00:00	GithubOSV Importer	Fixing	VCID-7p17-3vrq-pfch	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-mg56-wc4q-rw4w/GHSA-mg56-wc4q-rw4w.json	38.6.0
2026-06-12T07:53:21.490501+00:00	GithubOSV Importer	Fixing	VCID-f72w-an2k-eudy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-8jcj-g9f4-qx42/GHSA-8jcj-g9f4-qx42.json	38.6.0
2026-06-12T07:53:16.299797+00:00	GithubOSV Importer	Fixing	VCID-u661-g7wy-h3dv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-99m2-qwx6-2w6f/GHSA-99m2-qwx6-2w6f.json	38.6.0