pkg:Go/github.com/enchant97/note-mark/backend

7 total CVEs: CRITICAL 2, HIGH 1, MEDIUM 2, LOW 1


All known vulnerabilities

  • CRITICAL 10.0 - CVE-2026-44523 - Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery
    from 0, < 0.0.0-20260501152247-18b587758667
  • CRITICAL 9.4 - CVE-2026-41571 - Note Mark: OIDC-registered users authenticated by submitting password "null"
    from 0, < 0.0.0-20260417132909-dea5530cc989
  • HIGH 8.7 - CVE-2026-40262 - Note Mark has Stored XSS via Unrestricted Asset Upload
    from 0, < 0.0.0-20260411145018-6bb62842ccb9
  • MEDIUM 5.9 - CVE-2026-40265 - Note Mark has Broken Access Control on Asset Download
    from 0, < 0.0.0-20260411145023-6593898855ad
  • MEDIUM 5.3 - CVE-2026-41572 - Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
    from 0, < 0.0.0-20260417132843-d1bf845a2a2d
  • LOW 3.7 - CVE-2026-40263 - Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel
    from 0, < 0.19.2-0.20260411145025-cf4c6f6acf70
  • CVE-2026-44522 - Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution
    from 0, < 0.0.0-20260501152243-db3f72bff780