Browse all 64 CVE security advisories affecting usememos. AI-powered Chinese analysis, POCs, and references for each vulnerability.
usememos is a lightweight, open-source note-taking platform designed for self-hosting, allowing users to manage personal knowledge and documents via a web interface. Despite its simplicity, the software has accumulated 64 Common Vulnerabilities and Exposures (CVEs), indicating significant historical security debt. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), which allows attackers to inject malicious scripts into web pages viewed by other users, and Remote Code Execution (RCE) flaws that enable full system compromise. Additionally, privilege escalation issues have been documented, permitting unauthorized users to gain administrative access. These defects often stem from insufficient input validation and improper access control mechanisms within the application’s backend. While no single catastrophic incident has publicly defined the project’s reputation, the high volume of disclosed CVEs suggests a pattern of recurring security oversights that require rigorous patching and code review to mitigate risks for deployed instances.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6634 | usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization — memos (CWE-285) | 6.3 | Medium | 2026-04-20 |
| CVE-2024-21635 | Memos Access Tokens Stay Valid after User Password Change — memos (CWE-287) | 8.0 | - | 2025-11-14 |
| CVE-2024-41659 | GHSL-2024-034: memos CORS Misconfiguration in server.go — memos (CWE-942) | 8.1 | High | 2024-08-20 |
| CVE-2024-29029 | memos vulnerable to an SSRF in /o/get/image — memos (CWE-918) | 6.1 | Medium | 2024-04-19 |
| CVE-2024-29028 | memos vulnerable to an SSRF in /o/get/httpmeta — memos (CWE-918) | 5.8 | Medium | 2024-04-19 |
| CVE-2024-29030 | memos vulnerable to an SSRF in /api/resource — memos (CWE-918) | 5.8 | Medium | 2024-04-19 |
This page lists every published CVE security advisory associated with usememos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.