Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: hugo Clear
ID Title
CVE-2026-58402 Cross-Site Scripting (XSS) in gohugo (CVE-2026-58402)
cross-site scripting in gohugo (CVE-2026-58402). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.163.3` or later.
CVE-2026-58403 Vulnerability in gohugo (CVE-2026-58403)
vulnerability in gohugo (CVE-2026-58403). Confidential information can be exposed externally. Mitigation: upgrade to `0.163.1` or later.
CVE-2026-58404 SSRF (Server-Side Request Forgery) in gohugo (CVE-2026-58404)
SSRF in gohugo (CVE-2026-58404). Confidential information can be exposed externally. Mitigation: upgrade to `0.163.1` or later.
CVE-2026-50135 Vulnerability in github.com/gohugoio/hugo (CVE-2026-50135)
vulnerability in github.com/gohugoio/hugo (CVE-2026-50135). Confidential information can be exposed externally. Exploitable via ``resources.Get``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-50134 SSRF (Server-Side Request Forgery) in github.com/gohugoio/hugo (CVE-2026-50134)
SSRF in github.com/gohugoio/hugo (CVE-2026-50134). Risk of unauthorized operations or information disclosure. Exploitable via ``security.http.urls``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-50133 Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (CVE-2026-50133)
cross-site scripting in github.com/gohugoio/hugo (CVE-2026-50133). Risk of unauthorized operations or information disclosure. Exploitable via ``security.allowContent``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-44301 Path Traversal in github.com/gohugoio/hugo (CVE-2026-44301)
path traversal in github.com/gohugoio/hugo (CVE-2026-44301). Confidential information can be exposed externally. Mitigation: upgrade to `0.161.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →