Joplin Project / Joplin

5 matches found

CVE
added 2024/11/14 6:15 p.m., 68 views

CVE-2024-49362

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on a link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This v...

CVSS 9.6, AI score 8, EPSS 0.00207
CVE
added 2022/02/08 2:15 p.m., 46 views

CVE-2022-23340

Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.

CVSS 9.8, AI score 9.7, EPSS 0.00611
CVE
added 2024/09/09 3:15 p.m., 46 views

CVE-2024-40643

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "

CVSS 9.6, AI score 9.1, EPSS 0.008
CVE
added 2025/02/07 11:15 p.m., 43 views

CVE-2025-24028

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text ...

CVSS 9.6, AI score 6, EPSS 0.00094
CVE
added 2024/06/21 8:15 p.m., 39 views

CVE-2023-45673

Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin de...

CVSS 9, AI score 9.2, EPSS 0.0377