Vulnerability Database

296,760

Total vulnerabilities in the database

CVE-2024-29028

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

Published: Apr 19, 2024
Updated: Jul 8, 2025
CVE: CVE-2024-29028
GHSA: GHSA-6fcf-g3mp-xj2x
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
github.com/usememos/memos	-	0.16.1
usememos / memos	0.13.2	0.16.1

https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9
https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo