GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5 advisories
Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery
Critical
CVE-2026-44523
was published
for
github.com/enchant97/note-mark/backend
(Go)
May 7, 2026
Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution
High
CVE-2026-44522
was published
for
github.com/enchant97/note-mark/backend
(Go)
May 7, 2026
Note Mark has Broken Access Control on Asset Download
Moderate
CVE-2026-40265
was published
for
github.com/enchant97/note-mark/backend
(Go)
Apr 13, 2026
Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel
Low
CVE-2026-40263
was published
for
github.com/enchant97/note-mark/backend
(Go)
Apr 13, 2026
Note Mark has Stored XSS via Unrestricted Asset Upload
High
CVE-2026-40262
was published
for
github.com/enchant97/note-mark/backend
(Go)
Apr 13, 2026
ProTip!
Advisories are also available from the
GraphQL API