pkg:Go/github.com/knadh/listmonk

7 total CVEs (CRITICAL: 2, HIGH: 1)

All known vulnerabilities

  • CRITICAL 9.0, CVE-2025-49136: listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
    >= 4.0.0, < 5.0.2
  • CRITICAL 9.0, CVE-2025-49136: listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
    from 0
  • HIGH 7.1, CVE-2026-34828: listmonk's active sessions remain valid after password reset and password change
    >= 1.1.1-0.20241028090858-319053dd7a90, < 1.1.1-0.20260329113754-1b5e8d38c778
  • CVE-2026-21483: listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover
    from 0, < 1.1.1-0.20251231125615-74dc5a01cfbb
  • CVE-2026-21483: listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover
    >= 1.1.1, < 6.0.0
  • CVE-2025-58430: listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover in github.com/knadh/listmonk
    from 0, <= 1.1.0
  • CVE-2025-58430: listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover in github.com/knadh/listmonk
    from 0