Gohugoio Hugo
5 CVEs affecting Gohugoio Hugo. Latest disclosed: 2026-05-12. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44301 | High | 8.1 | 2026-05-12 | Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hug… |
CVE-2020-26284 | High | 7.7 | 2020-12-21 | Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if t… |
CVE-2024-32875 | Medium | 6.1 | 2024-04-23 | Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in inte… |
CVE-2026-35166 | | 2026-04-06 | Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo u… | |
CVE-2024-55601 | | 2024-12-09 | Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed be… |