Browse all 4 CVE security advisories affecting Typora. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Typora serves as a markdown editor focused on streamlined document creation and editing. Historically, vulnerabilities have included cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from improper input validation and sandbox escapes. The application's minimalistic design reduces attack surface compared to feature-rich alternatives, though its embedded web rendering components remain a persistent risk vector. While no major public security incidents have been widely documented, the four recorded CVEs highlight ongoing concerns around memory corruption and unsafe deserialization in its parsing engine. Regular updates address these issues, but users should remain vigilant regarding potential content-based attacks when processing untrusted markdown files.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-2971 | Typora Local File Disclosure — Typora, CWE-22 | 6.3 | Medium | 2023-08-19 |
| CVE-2023-2317 | Typora DOM-Based Cross-site Scripting leading to Remote Code Execution — Typora, CWE-79 | 8.6 | High | 2023-08-19 |
| CVE-2023-2316 | Typora Local File Disclosure — Typora, CWE-22 | 7.4 | High | 2023-08-19 |
| CVE-2022-43668 | Typora Cross-site Scripting Vulnerability — Typora | 6.1 | - | 2022-12-07 |
This page lists every published CVE security advisory associated with Typora. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.