VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/gohugoio/hugo

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44301 high 8.1 8.1 16d ago Hugo's Node tool execution allows file system access outside the project directory debiangolang
CVE-2020-26284 medium 5.5 5y ago Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%… archdebiangolang
CVE-2026-35166 unknown 2mo ago Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or… debiansusegolang
CVE-2024-55601 unknown 2y ago Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks… debiangolang
CVE-2024-32875 unknown 2y ago Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are im… debiangolang