Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

hedgedoc — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting hedgedoc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HedgeDoc serves as a collaborative markdown editor for real-time document creation and sharing. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting attacks, and privilege escalation flaws, with 13 CVEs documented. Common security issues often stem from improper input validation and insufficient access controls. Notable incidents include a critical RCE vulnerability (CVE-2022-24433) allowing arbitrary command execution, and persistent XSS flaws enabling malicious script injection. The platform's open-source nature has facilitated rapid vulnerability remediation, though its widespread deployment in academic and enterprise environments necessitates ongoing security vigilance.

Top products by hedgedoc: hedgedoc
CVE IDTitleCVSSSeverityPublished
CVE-2026-25642 HedgeDoc security headers for uploaded files were not working — hedgedocCWE-79 4.3 Medium2026-02-06
CVE-2025-66629 HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF — hedgedocCWE-352 3.7 Low2025-12-05
CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads — hedgedocCWE-79 6.4 Medium2025-04-10
CVE-2024-45308 MySQL & free URL mode allows to hide existing notes in hedgedoc — hedgedocCWE-1289 6.5 Medium2024-09-02
CVE-2023-38487 HedgeDoc API allows to hide existing notes — hedgedocCWE-289 6.5 Medium2023-08-04
CVE-2022-24837 Enumerable upload file names in hedgedoc — hedgedocCWE-200 5.3 Medium2022-04-11
CVE-2021-39175 XSS vector in slide mode speaker-view — hedgedocCWE-74 8.1 High2021-08-30
CVE-2021-29503 Improper Neutralization of Script-Related HTML Tags in Notes — hedgedocCWE-80 8.1 High2021-05-19
CVE-2021-29474 Relative Path Traversal Attack on note creation — hedgedocCWE-20 4.7 Medium2021-04-26
CVE-2021-29475 PDF export allows arbitrary file reads — hedgedocCWE-94 10.0 Critical2021-04-26
CVE-2021-21259 Stored XSS in slide mode — hedgedocCWE-79 7.4 High2021-01-22
CVE-2020-26287 Stored XSS in mermaid diagrams — hedgedocCWE-79 8.7 High2020-12-28
CVE-2020-26286 Arbitary file upload — hedgedocCWE-434 7.5 High2020-12-28

This page lists every published CVE security advisory associated with hedgedoc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.