SiYuan — Vulnerabilities & Security Advisories 1

Browse all 1 CVE security advisories affecting SiYuan. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by SiYuan: SiYuan
High · CVE-2026-30869 · 2026-04-25
Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint · Advisory · siy
High · CVE-2026-41421 · 2026-04-25
SiYuan Desktop Notification XSS Leads to Electron RCE · Advisory · siyuan-note/siyuan · GitHub
Critical · CVE-2026-33066 · 2026-04-18
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering · CVE-2026-33066 · GitHub Advisory Database · GitHu
High · CVE-2024-40259 · 2026-04-18
Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView` · Advisory · siyuan-n
Critical · CVE-2024-40322 · 2026-04-18
SiYuan Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE · Advisory · siyuan-note/siyuan · GitHu
Medium · CVE-2026-40922 · 2026-04-18
Incomplete fix for CVE-2026-33066: XSS in github.com/siyuan-note/siyuan · Advisory · siyuan-note/siyuan · GitHub
Unknown · CVE-2024-40107 · 2026-04-10
Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering · Advisory · siyuan-note/siyuan · GitHub
Critical · CVE-2024-36449 · 2026-04-02
Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection · Advisory · siyuan-note/siyuan · GitHub
High · GHSA-73g7-88qr-jrgj · 2026-04-02
Reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated) · Advisory · siyuan-not
High · CVE-2025-34585 · 2026-04-02
Stored XSS in imported .sy.zip content leads to arbitrary command execution in SiYuan Desktop · Advisory · siyuan-note/s
High · CVE-2026-25992 · 2026-02-11
File Read Interface Case Bypass Vulnerability · Advisory · siyuan-note/siyuan · GitHub
High · CVE-2026-23852 · 2026-01-20
Stored XSS / RCE via `setBlockAttrs` icon attribute (bypass of dynamic icon XSS fix #15970) · Advisory · siyuan-note/siy

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with SiYuan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.