Known Vulnerabilities for products from B3log
Listed below are 20 of the newest known vulnerabilities associated with the vendor "B3log".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40922 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-40322 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered wit... | Not Provided | 2026-04-16 | 2026-04-20 |
| CVE-2026-40318 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttribute... | Not Provided | 2026-04-16 | 2026-04-20 |
| CVE-2026-40259 json | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttribute... | Not Provided | 2026-04-16 | 2026-04-20 |
| CVE-2026-40107 json | SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" an... | Not Provided | 2026-04-09 | 2026-04-16 |
| CVE-2026-39846 json | SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote ... | Not Provided | 2026-04-07 | 2026-04-16 |
| CVE-2026-34605 json | SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introd... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2026-34585 json | SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute valu... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2026-34453 json | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from ... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2026-34449 json | SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Executi... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2026-34448 json | SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Att... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2026-33670 json | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to travers... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-33669 json | SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readD... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2022-0350 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-31 | 2023-03-07 |
| CVE-2022-0341 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-14 | 2022-03-18 |
| CVE-2021-32855 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2023-02-21 | 2023-03-02 |
| CVE-2021-4103 json | Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34. | 5.4 - MEDIUM | 2022-01-23 | 2022-01-27 |
| CVE-2019-17488 json | b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | 6.1 - MEDIUM | 2019-10-10 | 2019-10-15 |
| CVE-2019-13915 json | b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the ed... | 7.5 - HIGH | 2019-07-18 | 2020-08-24 |
| CVE-2019-9142 json | An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to pr... | 6.1 - MEDIUM | 2019-02-25 | 2019-02-25 |