Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 19+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
Unknown
:lock: https://github.com/siyuan-note/siyuan/security/advisories/GHSA… · siyuan-note/siyuan@bb481e1 · GitHub
GHSA-... · github.com · 2026-04-25
siyuan-note/siyuan
Read more
High
Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint · Advisory · siy
CVE-2026-30869 · github.com · 2026-04-25
SiYuan <= 3.6.4
Read more
High
SiYuan Desktop Notification XSS Leads to Electron RCE · Advisory · siyuan-note/siyuan · GitHub
CVE-2026-41421 · github.com · 2026-04-25
SiYuan Desktop < v3.6.4
Read more
Critical
SiYuan Bazaar Unfiltered README Rendering Leads to XSS to RCE
CVE-2026-33066 · github.com · 2026-04-18
SiYuan <= 3.5.9
Read more
High
CVE-2024-40259: Arbitrary File Delete Vulnerability and Fix
CVE-2024-40259 · github.com · 2026-04-18
SiYuan <v3.6.3
Read more
Critical
SiYuan Mermaid javascript: Injection Leads to Stored XSS and Electron RCE (CVE-2024-40322)
CVE-2024-40322 · github.com · 2026-04-18
SiYuan < v3.6.3
Read more
Medium
SiYuan Bazaar README XSS via iframe srcdoc (CVE-2026-40922)
CVE-2026-40922 · github.com · 2026-04-18
github.com/siyuan-note/siyuan < commit b382f50e1880
Read more
High
SiYuan Note Path Traversal in removeUnusedAttributeView Leading to Arbitrary File Deletion
github.com · 2026-04-18
siyuan-note/siyuan <3.6.3
Read more
Unknown
SiYuan Note Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Rendering (CVE-2024-40107)
CVE-2024-40107 · github.com · 2026-04-10
SiYuan < 3.6.4
Read more
Premium intel
Critical
SiYuan Note Electron Client Stored XSS Leading to RCE (CVE-2020-39640)
CVE-2020-39640 · github.com · 2026-04-08
SiYuan <= v3.6.3
Read more
High
SiYuan Note CVE-2024-36453 Broken Access Control in Publish Service
CVE-2024-36453 · github.com · 2026-04-02
SiYuan Note <= v3.6.1
Read more
Premium intel
Critical
Siyuan Note CVE-2024-36449 Cross-Origin RCE via Permissive CORS
CVE-2024-36449 · github.com · 2026-04-02
siyuan <= 3.6.1
Read more
High
SiYuan Note CVE-2024-34005 Reflected XSS via SVG Namespace Prefix Bypass
GHSA-73g7-88qr-jrgj · github.com · 2026-04-02
SiYuan <= v3.6.1
Read more
Premium intel
High
SiYuan Desktop v3.6.1 Stored XSS to RCE via .sy.zip (CVE-2025-34585)
CVE-2025-34585 · github.com · 2026-04-02
SiYuan Desktop <=v3.6.1
Read more
Critical
SiYuan Note v3.6.1 Stored XSS to RCE via Electron Context Isolation
github.com · 2026-04-02
SiYuan Note 3.6.1
Read more
High
CVE-2026-25992: File Read Interface Case Bypass Vulnerability
CVE-2026-25992 · github.com · 2026-02-11
SiYuan v3.5.4
Read more
Premium intel
Critical
SiYuan Arbitrary File Write to RCE via /api/file/copyFile (CVE-2026-25539)
CVE-2026-25539 · github.com · 2026-02-05
SiYuan Note <= 3.5.3
Read more
High
Fix SVG Script Execution XSS Vulnerability and Add Configuration Controls
github.com · 2026-01-20
SiYuan Note <= commit 11115da
Read more
High
SiYuan Note <=v3.5.3 Stored XSS Bypass Leading to RCE (CVE-2026-23852)
CVE-2026-23852 · github.com · 2026-01-20
SiYuan <=v3.5.3
Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.