CVE-2025-57798

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

PT-2026-42012

Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.7.1 Description A Denial of Service DoS flaw exists in the title input functionality due to missing length validation. An attacker can trigger an Out Of Memory OOM error, leading to program termination, by inserting ...

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

Joplin 跨站脚本漏洞

Joplin is an open source notes and to-do list application by Laurent Cozic, an individual developer. Joplin suffers from a cross-site scripting vulnerability that stems from not escaping HTML entities when adding a note title and the lack of a strict Content-Security-Policy, resulting in the...

CVE-2020-26158

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration...