Org mode
This hub aggregates every CVE we track for Org mode, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 6
- Critical: 1
- High: 3
- In CISA KEV: 0
Severity distribution
HIGH: 3, LOW: 1, MEDIUM: 1, CRITICAL: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 6 most recently published vulnerabilities affecting Org mode.
- CVE-2024-39331 (score: 9.8): In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
- CVE-2024-30202 (score: 7.8): In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
- CVE-2024-30204 (score: 2.8): In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
- CVE-2024-30203 (score: 5.5): In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
- CVE-2024-30205 (score: 7.1): In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
- CVE-2023-28617 (score: 7.8): org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Product normalization is registry-driven with AI assist and human review.