siyuan-note — Vulnerabilities & Security Advisories (51)

Browse all 51 CVE security advisories affecting siyuan-note. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by siyuan-note: siyuan
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-31809 | SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS | siyuan | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31807 | SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS | siyuan | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-30869 | SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage | siyuan | CWE-22 | 9.3 | Critical | 2026-03-09 |
| CVE-2026-30926 | SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content | siyuan | CWE-284 | 7.1 | High | 2026-03-09 |
| CVE-2026-29183 | SiYuan: Unauthenticated reflected SVG XSS in `/api/icon/getDynamicIcon` (`type=8`) enables arbitrary JavaScript execution | siyuan | CWE-79 | 9.3 | Critical | 2026-03-06 |
| CVE-2026-29073 | SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access | siyuan | CWE-862 | 8.8 | - | 2026-03-06 |
| CVE-2026-25992 | SiYuan has a File Read Interface Case Bypass Vulnerability | siyuan | CWE-22 | 7.5 | High | 2026-02-10 |
| CVE-2026-25647 | Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink | siyuan | CWE-79 | 4.6 | Medium | 2026-02-06 |
| CVE-2026-25539 | SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE | siyuan | CWE-22 | 9.1 | Critical | 2026-02-04 |
| CVE-2026-23852 | SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute | siyuan | CWE-94 | 8.2 (AI) | High (AI) | 2026-01-19 |
| CVE-2026-23851 | SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality | siyuan | CWE-22 | 8.1 (AI) | High (AI) | 2026-01-19 |
| CVE-2026-23850 | SiYuan vulnerable to arbitrary file read | siyuan | CWE-22 | 6.5 (AI) | Medium (AI) | 2026-01-19 |
| CVE-2026-23847 | SiYuan Vulnerable to Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon | siyuan | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-01-19 |
| CVE-2026-23645 | SiYuan Vulnerable to Stored Cross-Site Scripting (XSS) via Unrestricted SVG File Upload | siyuan | CWE-79 | 5.4 | - | 2026-01-16 |
| CVE-2025-68948 | SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret | siyuan | CWE-321 | 8.4 | - | 2025-12-27 |
| CVE-2025-67488 | SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE | siyuan | CWE-22 | 7.8 | High | 2025-12-09 |
| CVE-2025-21609 | SiYuan has an arbitrary file deletion vulnerability | siyuan | CWE-459 | 8.1 | - | 2025-01-03 |
| CVE-2024-55660 | SiYuan has an SSTI via /api/template/renderSprig | siyuan | CWE-1336 | 6.5 | - | 2024-12-11 |
| CVE-2024-55659 | SiYuan has an arbitrary file write in the host via /api/asset/upload | siyuan | CWE-22 | 5.4 | - | 2024-12-11 |
| CVE-2024-55658 | SiYuan has an arbitrary file read and path traversal via /api/export/exportResources | siyuan | CWE-22 | 6.5 | - | 2024-12-11 |
| CVE-2024-55657 | SiYuan has an arbitrary file read via /api/template/render | siyuan | CWE-22 | 6.5 | - | 2024-12-11 |

This page lists every published CVE security advisory associated with siyuan-note. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.