pkg:Go/github.com/gohugoio/hugo
7 total CVEsHIGH2MEDIUM3
✅ Check your installed version
All known vulnerabilities
HIGH8.1CVE-2026-44301Hugo's Node tool execution allows file system access outside the project directory >= 0.43.0, < 0.161.0
HIGH7.7CVE-2020-26284Hugo can execute a binary from the current directory on Windows from 0, < 0.79.1
MEDIUM6.1CVE-2024-32875Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo >= 0.123.0, < 0.125.3
MEDIUM6.1Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo
>= 0.123.0, < 0.125.3
MEDIUM5.4Hugo: Certain markdown links are not properly escaped
>= 0.60.0, < 0.159.2
—Hugo does not escape some attributes in internal templates in github.com/gohugoio/hugo
>= 0.123.0, < 0.139.4
—Hugo does not escape some attributes in internal templates in github.com/gohugoio/hugo
>= 0.123.0, < 0.139.4