In usememos/memos 0.9.0 and prior, a user with login permission can delete all notes of the whole application via `API DELETE https://demo.usememos.com/api/memo/$idnote`. The vulnerability will lose all user notes data throughout the system, causing damage to user data.

Affected Packages

Go github.com/usememos/memos

Affected versions: 0 (fixed in 0.9.1)

Related CVEs

CVE-2022-4796

Key Information

GHSA ID

GHSA-ghx2-6v4g-9wmm

Published

December 28, 2022 3:30 PM

Last Modified

January 10, 2023 3:45 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

github.com/usememos/memos

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.