CRITICAL 9.9 CVE-2026-32938 SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service in github.com/siyuan-note/siyuan/kernel
from 0
CRITICAL 9.9 CVE-2026-32938 SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260313024916-fd6526133bb3
CRITICAL 9.8 CVE-2026-33670 SiYuan has directory traversal within its publishing service in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260317012524-fe4523fff2c8
CRITICAL 9.8 SiYuan has directory traversal within its publishing service in github.com/siyuan-note/siyuan/kernel
from 0
CRITICAL 9.8 SiYuan has Arbitrary Document Reading within the Publishing Service in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260317012524-fe4523fff2c8
CRITICAL 9.8 SiYuan has Arbitrary Document Reading within the Publishing Service in github.com/siyuan-note/siyuan/kernel
from 0
CRITICAL 9.8 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API in github.com/siyuan-note/siyuan/kernel
from 0
CRITICAL 9.8 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260313024916-fd6526133bb3
CRITICAL 9.6 SiYuan is Vulnerable to Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection
from 0, < 3.6.2
CRITICAL 9.3 SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage in github.com/siyuan-note/siyuan/kernel
from 0
CRITICAL 9.3 SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage in github.com/siyuan-note/siyuan/kernel
from 0, < 3.5.10
CRITICAL 9.3 SiYuan: Unauthenticated Reflected XSS via SVG Injection in /api/icon/getDynamicIcon Endpoint in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260304034809-d68bd5a79391
CRITICAL 9.1 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260126094835-d5d10dd41b0c
CRITICAL 9.1 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE in github.com/siyuan-note/siyuan/kernel
from 0
CRITICAL 9.0 SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260421031503-96dfe0bea474
CRITICAL 9.0 SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel
from 0
CRITICAL 9.0 SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions
from 0, < 0.0.0-20260407035653-2f416e5253f1
CRITICAL 9.0 SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client
from 0, < 3.6.2
HIGH 8.6 SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution
from 0, < 0.0.0-20260329142331-918d1bd9f967
HIGH 8.5 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
from 0, < 3.6.4, < 0.0.0-20260407035653-2f416e5253f1
HIGH 8.3 SiYuan has a Full-Read SSRF via /api/network/forwardProxy in github.com/siyuan-note/siyuan/kernel
from 0, < 3.6.0
HIGH 8.3 SiYuan has a Full-Read SSRF via /api/network/forwardProxy in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 8.1 SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`
from 0, < 0.0.0-20260407035653-2f416e5253f1
HIGH 7.8 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 7.8 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20251202123337-6ef83b42c7ce
HIGH 7.6 SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260313024916-fd6526133bb3
HIGH 7.6 SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 7.5 SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark
from 0, < 3.6.2
HIGH 7.5 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260317012524-fe4523fff2c8
HIGH 7.5 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 7.5 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 7.5 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in github.com/siyuan-note/siyuan/kernel
from 0, < 3.6.2
HIGH 7.5 SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260126094835-d5d10dd41b0c
HIGH 7.5 SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 7.5 SiYuan has an arbitrary file read via /api/template/render in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 7.5 SiYuan has an arbitrary file read via /api/template/render in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20241210012039-5129ad926a21
HIGH 7.5 SiYuan has an arbitrary file read and path traversal via /api/export/exportResources in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 7.5 SiYuan has an arbitrary file read and path traversal via /api/export/exportResources in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20241210012039-5129ad926a21
HIGH 7.1 SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren in github.com/siyuan-note/siyuan/kernel
from 0
HIGH 7.1 SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via /api/block/appendHeadingChildren in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260304035530-d03ebdec8279
MEDIUM 6.8 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass) in github.com/siyuan-note/siyuan/kernel
from 0
MEDIUM 6.8 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass) in github.com/siyuan-note/siyuan/kernel
from 0, < 3.6.2
MEDIUM 6.8 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets in github.com/siyuan-note/siyuan/kernel
from 0
MEDIUM 6.8 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260313024916-fd6526133bb3
MEDIUM 6.5 SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB in github.com/siyuan-note/siyuan/kernel
from 0, < 3.6.1
MEDIUM 6.5 SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB in github.com/siyuan-note/siyuan/kernel
from 0
MEDIUM 6.1 SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated)
from 0, < 0.0.0-20260330031106-f09953afc57a
MEDIUM 5.4 SiYuan has incomplete fix for CVE-2026-33066: XSS
from 0, < 0.0.0-20260414013942-62eed37a3263
MEDIUM 4.6 SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260118021606-5c0cc375b475
MEDIUM 4.3 SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode
from 0, < 0.0.0-20260512140701-d7b77d945e0d
MEDIUM 4.3 SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk
from 0, < 0.0.0-20260512140701-d7b77d945e0d
— SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
from 0, < 0.0.0-20260512140701-d7b77d945e0d
— SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260421031503-96dfe0bea474
— SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel
from 0
— SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260512140701-d7b77d945e0d
— SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)
from 0, < 3.6.5
— SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
from 0, < 0.0.0-20260407035653-2f416e5253f1
— SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260317012524-fe4523fff2c8
— SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260314111550-b382f50e1880
— SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface in github.com/siyuan-note/siyuan/kernel
from 0
— SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260313024916-fd6526133bb3
— SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260313024916-fd6526133bb3
— SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure in github.com/siyuan-note/siyuan/kernel
from 0
— SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260310025236-297bd526708f
— SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260310025236-297bd526708f
— SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20260113130602-4ba64580c29c
— SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access in github.com/siyuan-note/siyuan/kernel
from 0
— SiYuan vulnerable to Arbitrary file Read / SSRF in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260118092326-b2274baba2e1
— SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260118092521-f8f4b517077b
— SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload in github.com/siyuan-note/siyuan/kernel
from 0, < 0.0.0-20260116101155-11115da3d0de
— SiYuan has an arbitrary file deletion vulnerability in github.com/siyuan-note/siyuan/kernel
from 0
— SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel
from 0
— SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20241210012039-5129ad926a21
— SiYuan has an SSTI via /api/template/renderSprig in github.com/siyuan-note/siyuan/kernel
from 0, <= 0.0.0-20241210012039-5129ad926a21
— SiYuan has an SSTI via /api/template/renderSprig in github.com/siyuan-note/siyuan/kernel
from 0