16 Total advisories
16 Vulnerabilities
0 Malware
Vulnerabilities
UNKNOWN
CVE-2026-52792
Algernon vulnerable to server-side script source disclosure on Windows via NTFS filename
HIGH 8.2
CVE-2026-48126
Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir
MEDIUM 4.3
CVE-2026-46430
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
CRITICAL 9.0
CVE-2026-45721
Algernon: handler.lua discovery walks parent directories above the server root
MEDIUM 4.3
CVE-2026-46431
Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *
UNKNOWN
CVE-2026-45721
Algernon: handler.lua discovery walks parent directories above the server root in github.com/xyproto/algernon
UNKNOWN
CVE-2026-48126
Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir in github.com/xyproto/algernon
UNKNOWN
CVE-2026-46430
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS in github.com/xyproto/algernon
UNKNOWN
CVE-2026-46431
Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: * in github.com/xyproto/algernon
MEDIUM 5.3
GO-2026-5300
Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication
HIGH 7.5
CVE-2026-45728
Algernon: Single-file mode unconditionally enables debug mode
UNKNOWN
CVE-2026-45728
Algernon: Single-file mode unconditionally enables debug mode in github.com/xyproto/algernon
UNKNOWN
GHSA-9v4j-7g44-qcqw
Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication in github.com/xyproto/algernon
UNKNOWN
CVE-2025-65754
Algernon Cross-Site Scripting vulnerability in github.com/xyproto/algernon
UNKNOWN
CVE-2025-65754
Algernon Cross-Site Scripting vulnerability
MEDIUM 6.1
CVE-2023-26131
Algernon engine and themes vulnerable to Cross-site Scripting
Ready to move
Start Securing
Free, no credit card | First findings in minutes