github.com/enchant97/note-mark/backend
Go
7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/enchant97/note-mark/backend
- CVE-2026-40262 · HIGH · CVSS 8.7 · EG 8.7 · ✓ Fixed in 0.0.0-20260411145018-6bb62842ccb9 · 2026-04-17
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such…
- CVE-2026-40263 · LOW · CVSS 3.7 · EG 3.7 · ✓ Fixed in 0.19.2-0.20260411145025-cf4c6f6acf70 · 2026-04-17
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timin…
- CVE-2026-40265 · MEDIUM · CVSS 5.9 · EG 5.9 · ✓ Fixed in 0.0.0-20260411145023-6593898855ad · 2026-04-17
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is registered without authentication middleware, and the backend query does not verify o…
- CVE-2026-41571 · CRITICAL · CVSS 9.4 · EG 9.4 · ✓ Fixed in 0.0.0-20260417132909-dea5530cc989 · 2026-05-04
Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no stored password. OIDC-registered users are created…
- CVE-2026-41572 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 0.0.0-20260417132843-d1bf845a2a2d · 2026-05-04
Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and th…
- CVE-2026-44522 · HIGH · CVSS 8.6 · EG 8.6 · ✓ Fixed in 0.0.0-20260501152243-db3f72bff780 · 2026-05-14
Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/{noteID}/assets, where the asset filename is provided thr…
- CVE-2026-44523 · CRITICAL · CVSS 10.0 · EG 10.0 · ✓ Fixed in 0.0.0-20260501152247-18b587758667 · 2026-05-14
Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets…