← All frameworks
75
Hugo
modern
go · ssg · since 2013
recommended
↓
3.0 pts
vs last month
Updated June 2026
Hugo scores 75/100. Verdict: Recommended.
Dimension breakdown
Security
5 total CVEs on record.
Total Cves
5
Critical Cves
0
Exploited Cves
0
Avg Cvss
3.0
Cves Last Year
1
Performance
Average performance. Room for optimization.
Ecosystem
78,000 GitHub stars. 900 contributors. 12 releases in the last year.
Stars
78,000
Contributors
900
Releases Last Year
12
Avg Issue Close Days
15
Ai Readiness
Excellent AI-readiness. API-first or structured output by design. Clean semantic HTML, machine-parseable responses, minimal client-side rendering.
Structured Output
88
Api First
1.0
Headless Capable
1.0
Developer Experience
Strong developer experience. Good docs, modern tooling, active community.
Market Trajectory
Score
35
Market Share Pct
0.1
Cost Of Ownership
Very low cost. Static output, CDN-deployable, minimal infrastructure.
Actively exploited vulnerabilities
Updated 2026-07-13
0 entries
No known active exploitation. Zero entries in CISA's catalog of confirmed in-the-wild attacks.
Hugo scores 75/100 overall. Strongest dimension: security (92). Weakest: market trajectory (35).
Latest Hugo insights

The Zero-CVE Cohort Is Growing. Hugo, Astro, and HTMX Are Gaining Share Where It Matters.
July 3, 2026 · 5 min
Seven Frameworks Recorded Zero CVEs Last Year. The Pattern Is Architectural.
June 23, 2026 · 5 min
The Zero-KEV Frameworks: 12 Platforms With No Exploited Vulnerabilities
June 22, 2026 · 5 min
The Zero-CVE Migration Target: Why Hugo and HTMX Have No Vulnerability History
June 22, 2026 · 6 min
Rails' 3 KEV Entries: The Darling Framework Carries Federal Risk
June 22, 2026 · 5 min