Shiori is vulnerable to authentication bypass via a brute force attack
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
Advisories for Golang/Github.com/Go-Shiori/Shiori package
2026