19 Total CVEs
18 AI Analyzed
0 CISA KEV
16 Critical
CVE-2026-56397
Analyzed
9.6
SiYuan SiYuan

SiYuan versions before 3.6.1 contain an XSS vulnerability in the Bazaar marketplace that allows remote code execution via malicious package metadata.

2026-06-22
CVE-2026-56395
Analyzed
9.6
SiYuan SiYuan

SiYuan versions before 3.6.1 contain an XSS vulnerability in the Bazaar marketplace that allows remote code execution via malicious package metadata.

2026-06-22
CVE-2026-54759
Analyzed
8.7
SiYuan SiYuan Note

SiYuan is an open-source personal knowledge management system

2026-06-25
CVE-2026-54158
Analyzed
9.9
SiYuan SiYuan

A critical XSS vulnerability in SiYuan's attribute-view cell renderer allows attackers to inject malicious scripts, leading to remote code execution o...

2026-06-25
CVE-2026-54069
Analyzed
9.2
SiYuan SiYuan Note

The SiYuan kernel HTTP server improperly trusts browser extension origins, allowing unauthenticated administrative API access and potential data exfil...

2026-06-25
CVE-2026-54067
Analyzed
9.9
SiYuan SiYuan

A cross-site scripting (XSS) vulnerability in SiYuan's CSS snippet rendering allows attackers to execute arbitrary JavaScript, leading to remote code...

2026-06-25
CVE-2026-50551
Analyzed
9.9
SiYuan SiYuan

A stored cross-site scripting (XSS) vulnerability in the SiYuan Attribute View allows for remote code execution (RCE) within the Electron desktop clie...

2026-06-25
CVE-2026-45375
Analyzed
9
SiYuan SiYuan

A stored Cross-Site Scripting (XSS) vulnerability in the SiYuan Marketplace allows attackers to execute arbitrary HTML/JS via malicious package metada...

2026-05-15
CVE-2026-40322
Analyzed
9
SiYuan SiYuan

SiYuan versions 3.6.3 and below are vulnerable to stored XSS in Mermaid diagrams, which can be escalated to arbitrary code execution on Electron-based...

2026-04-17
CVE-2026-39846
Analyzed
9
SiYuan SiYuan Desktop Client

SiYuan personal knowledge management system is vulnerable to stored XSS, which can lead to remote code execution in the Electron desktop client.

2026-04-08
CVE-2026-34449
Analyzed
9.6
SiYuan SiYuan

SiYuan desktop application is vulnerable to Remote Code Execution via a permissive CORS policy. A malicious website can inject JavaScript into the Ele...

2026-04-01
CVE-2026-33670
Analyzed
9.8
SiYuan SiYuan

SiYuan versions prior to 3.6.2 allow unauthenticated directory traversal and filename retrieval via the /api/file/readDir interface, exposing the stru...

2026-03-27
CVE-2026-33669
Analyzed
9.8
SiYuan SiYuan

SiYuan versions prior to 3.6.2 are vulnerable to unauthorized data access where document IDs and content can be retrieved through the /api/file/readDi...

2026-03-27
CVE-2026-33476
Analyzed
7.5
SiYuan SiYuan Knowledge Management System

SiYuan is a personal knowledge management system

2026-03-22
CVE-2026-32940
Analyzed
9.3
SiYuan SiYuan

SiYuan versions 3.6.0 and below contain a click-through XSS vulnerability in the dynamic icon API due to incomplete SVG sanitization.

2026-03-20
CVE-2026-32938
Analyzed
9.9
SiYuan SiYuan

SiYuan versions 3.6.0 and below are vulnerable to path traversal and sensitive file exfiltration via improper validation of file:// links in pasted HT...

2026-03-20
CVE-2026-29183
Analyzed
9.3
SiYuan SiYuan

SiYuan versions prior to 3.5.9 contain an unauthenticated reflected XSS vulnerability in the dynamic icon API endpoint, allowing JavaScript execution...

2026-03-07
CVE-2026-25539
Analyzed
9.1
SiYuan SiYuan

SiYuan's /api/file/copyFile endpoint fails to validate the 'dest' parameter, allowing authenticated users to write files to arbitrary locations, poten...

2026-02-05
CVE-2025-67488
7.8
SiYuan Multiple Products

SiYuan is self-hosted, open source personal knowledge management software

2025-12-11