Known Vulnerabilities for Siyuan by B3log
Listed below are 10 of the newest known vulnerabilities associated with "Siyuan" by "B3log".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59855 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpo... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-59854 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/globalCopyFiles accepts attacke... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-59853 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns ... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-59834 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/ful... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-59833 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTM... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-59832 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSni... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-56397 json | SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious pack... | Not Provided | 2026-06-21 | 2026-06-24 |
| CVE-2026-56395 json | SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious pack... | Not Provided | 2026-06-21 | 2026-06-22 |
| CVE-2026-55570 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name,... | Not Provided | 2026-06-24 | 2026-06-25 |
| CVE-2026-54759 json | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove | Not Provided | 2026-06-24 | 2026-06-25 |