github.com/knadh/listmonk
Go4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/knadh/listmonkpage 1 of 1
- CVE-2025-49136CRITICALCVSS 9.0EG 9.02025-06-09
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env va…
- CVE-2025-58430MEDIUMCVSS 6.1EG 6.12025-09-09
listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there included `nonce`. The value is not checked and validate…
- CVE-2026-21483MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.1.1-0.20251231125615-74dc5a01cfbb2026-01-02
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privi…
- CVE-2026-34828HIGHCVSS 7.1EG 7.1✓ Fixed in 1.1.1-0.20260329113754-1b5e8d38c7782026-04-02
listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive acco…
Check whether github.com/knadh/listmonk is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/knadh/listmonk CVEs against the assets you own.
Start Free Scan →