Algernon vulnerable to server-side script source disclosure on Windows via NTFS filename in github.com/xyproto/algernon
{ "url": "https://pkg.go.dev/vuln/GO-2026-5903", "review_status": "UNREVIEWED" }
"https://vuln.go.dev/ID/GO-2026-5903.json"