usememos — Vulnerabilities & Security Advisories (64)

Browse all 64 CVE security advisories affecting usememos. AI-powered Chinese analysis, POCs, and references for each vulnerability.

usememos is a lightweight, open-source note-taking platform designed for self-hosting, allowing users to manage personal knowledge and documents via a web interface. Despite its simplicity, the software has accumulated 64 Common Vulnerabilities and Exposures (CVEs), indicating significant historical security debt. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), which allows attackers to inject malicious scripts into web pages viewed by other users, and Remote Code Execution (RCE) flaws that enable full system compromise. Additionally, privilege escalation issues have been documented, permitting unauthorized users to gain administrative access. These defects often stem from insufficient input validation and improper access control mechanisms within the application’s backend. While no single catastrophic incident has publicly defined the project’s reputation, the high volume of disclosed CVEs suggests a pattern of recurring security oversights that require rigorous patching and code review to mitigate risks for deployed instances.

Top products by usememos: usememos/memos, memos
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-4851 | Improper Handling of Values in usememos/memos — usememos/memos | CWE-229 | 4.3 | - | 2022-12-29 |
| CVE-2022-4814 | Improper Access Control in usememos/memos — usememos/memos | CWE-284 | 4.3 | - | 2022-12-28 |
| CVE-2022-4813 | Insufficient Granularity of Access Control in usememos/memos — usememos/memos | CWE-1220 | 4.3 | - | 2022-12-28 |
| CVE-2022-4796 | Incorrect Use of Privileged APIs in usememos/memos — usememos/memos | CWE-648 | 8.1 | - | 2022-12-28 |
| CVE-2022-4797 | Improper Restriction of Excessive Authentication Attempts in usememos/memos — usememos/memos | CWE-307 | 7.5 | - | 2022-12-28 |
| CVE-2022-4798 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | CWE-639 | 4.3 | - | 2022-12-28 |
| CVE-2022-4799 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | CWE-639 | 4.3 | - | 2022-12-28 |
| CVE-2022-4800 | Improper Verification of Source of a Communication Channel in usememos/memos — usememos/memos | CWE-940 | 6.5 | - | 2022-12-28 |
| CVE-2022-4801 | Insufficient Granularity of Access Control in usememos/memos — usememos/memos | CWE-1220 | 4.3 | - | 2022-12-28 |
| CVE-2022-4802 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | CWE-639 | 4.3 | - | 2022-12-28 |
| CVE-2022-4803 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | CWE-639 | 4.3 | - | 2022-12-28 |
| CVE-2022-4804 | Improper Authorization in usememos/memos — usememos/memos | CWE-285 | 4.3 | - | 2022-12-28 |
| CVE-2022-4806 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | CWE-639 | 4.3 | - | 2022-12-28 |
| CVE-2022-4807 | Improper Access Control in usememos/memos — usememos/memos | CWE-284 | 4.3 | - | 2022-12-28 |
| CVE-2022-4808 | Improper Privilege Management in usememos/memos — usememos/memos | CWE-269 | 8.1 | - | 2022-12-28 |
| CVE-2022-4809 | Improper Access Control in usememos/memos — usememos/memos | CWE-284 | 4.3 | - | 2022-12-28 |
| CVE-2022-4810 | Improper Access Control in usememos/memos — usememos/memos | CWE-284 | 4.3 | - | 2022-12-28 |
| CVE-2022-4811 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | CWE-639 | 8.3 | High | 2022-12-28 |
| CVE-2022-4812 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | CWE-639 | 4.3 | - | 2022-12-28 |
| CVE-2022-4805 | Incorrect Use of Privileged APIs in usememos/memos — usememos/memos | CWE-648 | 8.1 | - | 2022-12-28 |
| CVE-2022-4767 | Denial of Service in usememos/memos — usememos/memos | CWE-400 | 7.5 | - | 2022-12-27 |
| CVE-2022-4734 | Improper Removal of Sensitive Information Before Storage or Transfer in usememos/memos — usememos/memos | CWE-212 | 8.1 | High | 2022-12-25 |
| CVE-2022-4683 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in usememos/memos — usememos/memos | CWE-614 | 5.3 | - | 2022-12-23 |
| CVE-2022-4684 | Improper Access Control in usememos/memos — usememos/memos | CWE-284 | 5.4 | - | 2022-12-23 |
| CVE-2022-4686 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | CWE-639 | 9.1 | - | 2022-12-23 |
| CVE-2022-4687 | Incorrect Use of Privileged APIs in usememos/memos — usememos/memos | CWE-648 | 8.1 | - | 2022-12-23 |
| CVE-2022-4688 | Improper Authorization in usememos/memos — usememos/memos | CWE-285 | 5.4 | - | 2022-12-23 |
| CVE-2022-4689 | Improper Access Control in usememos/memos — usememos/memos | CWE-284 | 5.4 | - | 2022-12-23 |
| CVE-2022-4690 | Cross-site Scripting (XSS) - Stored in usememos/memos — usememos/memos | CWE-79 | 5.4 | - | 2022-12-23 |
| CVE-2022-4691 | Cross-site Scripting (XSS) - Stored in usememos/memos — usememos/memos | CWE-79 | 5.4 | - | 2022-12-23 |

This page lists every published CVE security advisory associated with usememos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.