Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/enchant97/note-mark/backend

View on go registry
7 Total advisories
7 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
Go

CVE-2026-44522

Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution
CRITICAL 10.0
Go

CVE-2026-44523

Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery
CRITICAL 9.4
Go

CVE-2026-41571

Note Mark: OIDC-registered users authenticated by submitting password "null"
MEDIUM 5.3
Go

CVE-2026-41572

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
LOW 3.7
Go

CVE-2026-40263

Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel
MEDIUM 5.9
Go

CVE-2026-40265

Note Mark has Broken Access Control on Asset Download
HIGH 8.7
Go

CVE-2026-40262

Note Mark has Stored XSS via Unrestricted Asset Upload

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes