github.com/xyproto/algernon
Go6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/xyproto/algernonpage 1 of 1
- CVE-2023-26131MEDIUMCVSS 5.4EG 6.12023-05-31
All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper use…
- CVE-2025-65754MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.17.52025-12-10
Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename.
- CVE-2026-45721CRITICALCVSS 9.0EG 9.0✓ Fixed in 1.17.72026-05-19
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured ser…
- CVE-2026-45728HIGHCVSS 7.5EG 7.5✓ Fixed in 1.17.72026-05-19
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the Prett…
- CVE-2026-46430MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.17.72026-05-20
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows…
- CVE-2026-46431MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.17.72026-05-20
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard * regardless of the caller's Origin. Because EventSource does not pref…
Check whether github.com/xyproto/algernon is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/xyproto/algernon CVEs against the assets you own.
Start Free Scan →