Go-shiori Shiori
2 CVEs affecting Go-shiori Shiori. Latest disclosed: 2026-07-13. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-61463 | High | 8.8 | 2026-07-13 | Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authoriza… |
CVE-2025-60538 | Medium | 6.5 | 2026-01-09 | A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack. |