New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
go

github.com/xyproto/algernon

View on go registry
16 Total advisories
16 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
Go

CVE-2026-52792

Algernon vulnerable to server-side script source disclosure on Windows via NTFS filename

HIGH 8.2
Go

CVE-2026-48126

Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir

MEDIUM 4.3
Go

CVE-2026-46430

Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS

CRITICAL 9.0
Go

CVE-2026-45721

Algernon: handler.lua discovery walks parent directories above the server root

MEDIUM 4.3
Go

CVE-2026-46431

Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *

UNKNOWN
Go

CVE-2026-45721

Algernon: handler.lua discovery walks parent directories above the server root in github.com/xyproto/algernon

UNKNOWN
Go

CVE-2026-48126

Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir in github.com/xyproto/algernon

UNKNOWN
Go

CVE-2026-46430

Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS in github.com/xyproto/algernon

UNKNOWN
Go

CVE-2026-46431

Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: * in github.com/xyproto/algernon

MEDIUM 5.3
Go

GO-2026-5300

Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication

HIGH 7.5
Go

CVE-2026-45728

Algernon: Single-file mode unconditionally enables debug mode

UNKNOWN
Go

CVE-2026-45728

Algernon: Single-file mode unconditionally enables debug mode in github.com/xyproto/algernon

UNKNOWN
Go

GHSA-9v4j-7g44-qcqw

Algernon: Auto-refresh SSE event server binds to all interfaces with Access-Control-Allow-Origin: * and no authentication in github.com/xyproto/algernon

UNKNOWN
Go

CVE-2025-65754

Algernon Cross-Site Scripting vulnerability in github.com/xyproto/algernon

UNKNOWN
Go

CVE-2025-65754

Algernon Cross-Site Scripting vulnerability

MEDIUM 6.1
Go

CVE-2023-26131

Algernon engine and themes vulnerable to Cross-site Scripting

Ready to move

Start Securing

Free, no credit card | First findings in minutes