Usememos Memos
6 CVEs affecting Usememos Memos. Latest disclosed: 2026-04-20. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-41659 | High | 8.1 | 2024-08-20 | memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected wi… |
CVE-2026-6634 | Medium | 6.3 | 2026-04-20 | A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInst… |
CVE-2024-29029 | Medium | 6.1 | 2024-04-19 | memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users… |
CVE-2024-29028 | Medium | 5.8 | 2024-04-19 | memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated use… |
CVE-2024-29030 | Medium | 5.8 | 2024-04-19 | memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users t… |
CVE-2024-21635 | | 2025-11-14 | Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the e… |