Headline
GHSA-mw8h-g64c-rxv4: Shiori is vulnerable to authentication bypass via a brute force attack
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
Skip to content
Navigation Menu
AI CODE CREATION
GitHub CopilotWrite better code with AI
GitHub SparkBuild and deploy intelligent apps
GitHub ModelsManage and compare prompts
MCP RegistryNewIntegrate external tools
View all features
- Pricing
Provide feedback
Saved searches****Use saved searches to filter your results more quickly
Sign up
Appearance settings
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-60538
Shiori is vulnerable to authentication bypass via a brute force attack
Moderate severity GitHub Reviewed Published Jan 9, 2026 to the GitHub Advisory Database • Updated Jan 13, 2026
Package
gomod github.com/go-shiori/shiori (Go)
Affected versions
<= 1.7.4
Description
Published to the GitHub Advisory Database
Jan 9, 2026
Last updated
Jan 13, 2026