17 matches found
SiYuan Note - Cross-Site Scripting
SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...
CVE-2026-44588
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...
CVE-2026-34605
SiYuan 3.6.0–3.6.1 suffer a bypass of the SanitizeSVG XSS fix on the unauthenticated /api/icon/getDynamicIcon endpoint. The Go HTML5 parser records namespace-prefixed SVG tags as x:script, allowing the tag to bypass the numeric sprite check; when served as image/svg+xml without a CSP, the browser...
CVE-2026-34448 SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...
PT-2026-29377
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description A security flaw exists in SiYuan that allows a malicious website to achieve Remote Code Execution RCE on a desktop system running the application. This is possible due to a permissive CORS policy...
SUSE CVE-2026-32938
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET...
CVE-2026-33670
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...
CVE-2026-33670 SiYuan has directory traversal within its publishing service
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...
SUSE CVE-2026-31807
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...
SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata
Stored XSS to RCE via Unsanitized Bazaar Package Metadata Summary SiYuan's Bazaar community marketplace renders package metadata fields displayName, description using template literals without HTML escaping. A malicious package author can inject arbitrary HTML/JavaScript into these fields, which...
PT-2026-25859
Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, contains an authorization bypass that allows authenticated users, including those with the Reader role, to execute arbitrary SQL statements against the...
EUVD-2026-10394
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
SiYuan 安全漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/query/sql interface, which only checked basic authentication, potentially allowing arbitrary SQL...
CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting XSS vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...
CVE-2026-23852 SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting XSS vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...
CVE-2026-23850
SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...
CVE-2025-67488
SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the...