github.com/xyproto/algernon (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/xyproto/algernon, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2026-45721 — CVSS 9.0 (critical): Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a…
CVE-2026-48126 — CVSS 8.2 (high): Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which…
CVE-2026-45728 — CVSS 7.5 (high): Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a…
CVE-2025-65754 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a…
CVE-2023-26131 — CVSS 5.4 (medium): All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are…
CVE-2026-46430 — CVSS 4.3 (medium): Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by…
CVE-2026-46431 — CVSS 4.3 (medium): Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header…