34 matches found
GO-2026-5702 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering in github.com/siyuan-note/siyuan/kernel
SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering in github.com/siyuan-note/siyuan/kernel...
GO-2026-5357 SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution in github.com/siyuan-note/siyuan/kernel
SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution in github.com/siyuan-note/siyuan/kernel...
GO-2026-5260 SiYuan has incomplete fix for CVE-2026-33066: XSS in github.com/siyuan-note/siyuan/kernel
SiYuan has incomplete fix for CVE-2026-33066: XSS in github.com/siyuan-note/siyuan/kernel...
GO-2026-5201 SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated) in github.com/siyuan-note/siyuan/kernel
SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG getDynamicIcon, unauthenticated in github.com/siyuan-note/siyuan/kernel...
GO-2026-5001 SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel
SiYuan Bazaar marketplace renders unescaped package name and version metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the escapeNodeAttributeValues process. An attacker can execute arbitrary operating system commands by crafting a malicious .sy.zip file containing specially formatted block attribute values, which, when...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the escapeNodeAttributeValues process. An attacker can execute arbitrary operating system commands by crafting a malicious .sy.zip file containing specially formatted block attribute values, which, when...
GO-2026-4842 SiYuan has Arbitrary Document Reading within the Publishing Service in github.com/siyuan-note/siyuan/kernel
SiYuan has Arbitrary Document Reading within the Publishing Service in github.com/siyuan-note/siyuan/kernel...
GO-2026-4709 SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure in github.com/siyuan-note/siyuan/kernel
SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure in github.com/siyuan-note/siyuan/kernel...
GO-2026-4700 SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB in github.com/siyuan-note/siyuan/kernel
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2026-4707 SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write in github.com/siyuan-note/siyuan/kernel
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write in github.com/siyuan-note/siyuan/kernel...
GO-2026-4705 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets in github.com/siyuan-note/siyuan/kernel
SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets in github.com/siyuan-note/siyuan/kernel...
GO-2026-4802 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel
Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel...
GO-2026-4766 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass) in github.com/siyuan-note/siyuan/kernel
SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home GHSA-h5vh-m7fg-w5h6 Bypass in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module...
GO-2026-4747 SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata in github.com/siyuan-note/siyuan/kernel
SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata in github.com/siyuan-note/siyuan/kernel...
GHSA-3G9H-9HP4-654V SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
Summary The SiYuan kernel WebSocket server accepts unauthenticated connections when a specific “auth keepalive” query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages tha...
GO-2026-4669 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel
SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel...
GO-2026-4685 SiYuan has a Full-Read SSRF via /api/network/forwardProxy in github.com/siyuan-note/siyuan/kernel
SiYuan has a Full-Read SSRF via /api/network/forwardProxy in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2026-4667 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel
SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the forwardProxy function. An attacker can access internal network resources, retrieve sensitive data, and potentially obtain cloud metadata or credentials by supplying a crafted URL to the endpoint...