| CVE-2026-44301 |
high |
8.1 |
8.1 |
|
|
|
23d ago |
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with… |
| CVE-2026-35166 |
unknown |
— |
— |
|
|
|
2mo ago |
Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or… |
| CVE-2024-55601 |
unknown |
— |
— |
|
|
|
2y ago |
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks… |
| CVE-2024-32875 |
unknown |
— |
— |
|
|
|
2y ago |
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are im… |
