github.com/lin-snow/ech0 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| GHSA-FPW6-HRG5-Q5X5 | High | github.com/lin-snow/Ech0: ech0's access tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist… |
| GHSA-P64J-F4X9-WQ66 | High | github.com/lin-snow/Ech0: Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft |
| GHSA-8MC6-XJPR-H98X | High | github.com/lin-snow/ech0: Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo |
| GHSA-PJ6Q-4VQ4-R8CG | Medium | github.com/lin-snow/Ech0: Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count |
| GHSA-RGJ7-VG8V-J4WR | Medium | github.com/lin-snow/ech0: Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation |
| GHSA-3V85-FQVH-7RXF | Medium | github.com/lin-snow/Ech0: Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers |
| GHSA-RJ4G-RQGH-RX9H | Medium | github.com/lin-snow/Ech0: Ech0 comment model's Email field returned on public /api/comments endpoints |
| GHSA-69HX-63PV-F8F4 | Medium | github.com/lin-snow/ech0: Ech0 has Stored XSS via SVG Upload and Content-Type Validation Bypass in File Upload |
| GHSA-R2X7-427F-RQ69 | Medium | github.com/lin-snow/ech0: Ech0 has SSRF via DNS Resolution Bypass in Webhook URL Validation |
| GHSA-W8JJ-CWMC-WGQ2 | Medium | github.com/lin-snow/ech0: Ech0's Missing Authorization on System Logs Allows Non-Admin Information Disclosure |
| GHSA-FWG7-53P4-G33C | Medium | github.com/lin-snow/ech0: Ech0 Comment Panel Endpoints Missing RequireScopes Middleware — Scoped Access Token Bypass |
| GHSA-HM2H-WWWH-G49X | Medium | github.com/lin-snow/ech0: Ech0 Scope Bypass: profile:read Access Token Can Change Admin Password and Escalate to Unrestricted… |
| GHSA-CP79-9MWR-WR49 | Medium | github.com/lin-snow/ech0: Ech0: Missing authorization on dashboard log endpoints allows low-privilege users to access… |
| GHSA-4H9Q-P5J4-XVVH | High | github.com/lin-snow/ech0: Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints,… |
| CVE-2026-35037 | High | github.com/lin-snow/ech0: Ech0: Unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata |
| CVE-2026-35036 | High | github.com/lin-snow/ech0: Ech0 has Unauthenticated Server-Side Request Forgery in Website Preview Feature |
| CVE-2026-33638 | Medium | github.com/lin-snow/ech0: Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint |
