Package impact
Go / github.com/enchant97/note-mark/backend
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44523 | critical | 10.0 | 10.0 | 14d ago | Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery | |||
| CVE-2026-41571 | critical | 9.4 | 9.4 | 24d ago | Note Mark: OIDC-registered users authenticated by submitting password "null" | |||
| CVE-2026-44522 | high | — | 8.0 | 14d ago | Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution | |||
| CVE-2026-41572 | medium | 5.3 | 5.3 | 24d ago | Note Mark: Unauthenticated read of notes and assets in soft-deleted public books |