
22 matches found

RedhatCVE
added 2026/05/15 7:57 p.m. | 6 views

CVE-2026-43887

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, the Outline comment section permits users to mention other users; however, the backend does not validate or sanitize the href attribute associated with these mentions. As a result, potentially dangerous...

CVSS 7.3 | AI score 5.9 | EPSS 0.00245
Exploits: 0 | References: 1

NVD
added 2026/05/11 10:22 p.m. | 10 views

CVE-2026-43888

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

CVSS 8.7 | EPSS 0.00368
Exploits: 0 | References: 1

EUVD
added 2026/05/11 9:11 p.m. | 6 views

EUVD-2026-29343

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

CVSS 5.8 | AI score 5.9 | EPSS 0.00125
Exploits: 1 | References: 1

CVE
added 2026/05/11 9:11 p.m. | 14 views

CVE-2026-44695

Summary: CVE-2026-44695 affects Outline before version 1.7.1. The Slack OAuth flow for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. If an attacker can obtain a Slack OAuth code for the same Outline Slack client, they can cause a logged-in Outline user to comple...

CVSS 6.5 | AI score 5.9 | EPSS 0.00125
Exploits: 1 | References: 1 | Affected software: 1

CNNVD
added 2026/05/11 12:00 a.m. | 6 views

Outline path traversal vulnerability

Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.7.0 contained a path traversal vulnerability. This vulnerability stemmed from ZipHelper.extract’s use of trimFileAndExt to pass the entire file system path during path extraction. When the nested paths o...

CVSS 8.7 | AI score 5.8 | EPSS 0.00368
Exploits: 0 | References: 1

CNNVD
added 2026/05/11 12:00 a.m. | 4 views

Outline cross-site scripting vulnerability

Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.6.1 of Outline contain a cross-site scripting vulnerability. This vulnerability arises from the comment section, where users are allowed to mention others. However, the backend does not validate or clean up the hr...

CVSS 7.3 | AI score 5.7 | EPSS 0.00245
Exploits: 0 | References: 2

CNNVD
added 2026/05/11 12:00 a.m. | 4 views

Outline security vulnerability

Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.7.0 of Outline contain security vulnerabilities. These vulnerabilities stem from a corrupted authorization pattern in the subscriptions.create API endpoint. When both collectionId and documentId are provided...

CVSS 7.7 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/11 12:00 a.m. | 6 views

PT-2026-39865

Name of the Vulnerable Software and Affected Versions Outline versions prior to 1.7.1 Description The Slack integration callback for the endpoint "/auth/slack.post" accepts an unsigned, session-independent OAuth state value. This allows a third party with a Slack OAuth code for the same Outline...

CVSS 6.5 | AI score 5.9 | EPSS 0.00125
Exploits: 1 | References: 5

CNNVD
added 2026/05/11 12:00 a.m. | 5 views

Outline security vulnerability

Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.6.1 of Outline contain security vulnerabilities. These vulnerabilities stem from a logical error in the use of Array.some for verifying the OAuth scopes. As a result, if any single scope is valid, the entire scope...

CVSS 8.2 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:00 a.m. | 6 views

Outline security vulnerability

Outline is an open-source knowledge base developed by Outline. Versions of Outline from 0.86.0 to 1.7.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references. When both the collectionId and documentId are provided in a request, the authorizatio...

CVSS 7.7 | AI score 5.8 | EPSS 0.00293
Exploits: 1 | References: 1

Cvelist
added 2026/02/11 8:29 p.m. | 20 views

CVE-2025-68663 Outline has a suspended user authentication bypass via WebSocket connections

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...

CVSS 6.9 | EPSS 0.00237
Exploits: 0 | References: 2

OSV
added 2026/02/11 8:25 p.m. | 4 views

CVE-2025-64487 Outline is vulnerable to privilege escalation vulnerability in document sharing

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

CVSS 7.6 | AI score 5.5 | EPSS 0.00197
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/11 8:23 p.m. | 4 views

CVE-2026-25062 Outline Affected an Arbitrary File Read via Path Traversal in JSON Import

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments.key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal...

CVSS 5.5 | AI score 5.8 | EPSS 0.00393
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/11 12:00 a.m. | 6 views

PT-2026-7662

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...

CVSS 6.9 | AI score 5.4 | EPSS 0.00237
Exploits: 0 | References: 3

OSV
added 2026/01/13 11:16 p.m. | 1 views

CVE-2023-54331

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with...

CVSS 7.8 | AI score 6 | EPSS 0.00196
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-38547

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 6.6 | EPSS 0.00486
Exploits: 1 | References: 1

CNNVD
added 2025/09/03 12:00 a.m. | 3 views

Outline cross-site scripting vulnerability

Outline is an open-source knowledge base developed by Outline. A cross-site scripting vulnerability exists in Outline 0.83.0 and earlier versions that stems from a CSP bypass of the local file system storage function...

CVSS 6.8 | AI score 5.9 | EPSS 0.00353
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 7:03 a.m. | 7 views

CVE-2024-37829

An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link...

CVSS 8.8 | AI score 7.1 | EPSS 0.00739
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:58 a.m. | 6 views

CVE-2024-37830

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...

CVSS 6.1 | AI score 6.7 | EPSS 0.00313
Exploits: 1 | References: 1

OSV
added 2024/07/09 9:15 p.m. | 5 views

CVE-2024-37829

An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link...

CVSS 8.8 | AI score 7.1 | EPSS 0.00739
Exploits: 1 | References: 1