Github.com/siyuan-note/siyuan/kernel
This hub aggregates every CVE we track for Github.com/siyuan-note/siyuan/kernel, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 22
- Critical: 6
- High: 8
- In CISA KEV: 0
Severity distribution
- HIGH: 8
- MEDIUM: 8
- CRITICAL: 6
Monthly trend (2024-07 to 2026-06): 0, 0, 0, 0, 0, 4, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 4, 2, 10, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Github.com/siyuan-note/siyuan/kernel.
- CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API (score 9.8)
- CVE-2026-32751 SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface (score 9.0)
- CVE-2026-32749 SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write (score 7.6)
- CVE-2026-32747 SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets (score 6.8)
- CVE-2026-32704 SiYuan renderSprig: missing admin check allows any user to read full workspace DB (score 6.5)
- CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy (score 8.3)
- CVE-2026-31809 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS (score 6.1)
- CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS (score 6.1)
- CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content (score 7.1)
- CVE-2026-29183 SiYuan: Unauthenticated reflected SVG XSS in `/api/icon/getDynamicIcon` (`type=8`) enables arbitrary JavaScript execution (score 9.3)
- CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability (score 7.5)
- CVE-2026-25539 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE (score 9.1)
- CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality (score 6.5)
- CVE-2026-23850 SiYuan vulnerable to arbitrary file read (score 7.5)
- CVE-2026-23847 SiYuan Vulnerable to Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon (score 6.1)
Product normalization is registry-driven with AI assist and human review.