github.com/siyuan-note/siyuan/kernel vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-32767 | Critical | github.com/siyuan-note/siyuan/kernel: SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API |
| CVE-2026-32751 | Medium | github.com/siyuan-note/siyuan/kernel: SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface |
| CVE-2026-32749 | High | github.com/siyuan-note/siyuan/kernel: SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write |
| CVE-2026-32815 | Medium | github.com/siyuan-note/siyuan/kernel: SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated… |
| CVE-2026-32747 | Medium | github.com/siyuan-note/siyuan/kernel: SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets |
| CVE-2026-32704 | Medium | github.com/siyuan-note/siyuan/kernel: SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB |
| CVE-2026-32110 | High | github.com/siyuan-note/siyuan/kernel: SiYuan has a Full-Read SSRF via /api/network/forwardProxy |
| CVE-2026-31809 | Medium | github.com/siyuan-note/siyuan/kernel: SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS |
| CVE-2026-31807 | Medium | github.com/siyuan-note/siyuan/kernel: SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS |
| CVE-2026-30926 | High | github.com/siyuan-note/siyuan/kernel: SiYuan: Authorization Bypass Allows Low-Privilege Publish User to Modify Notebook Content via… |
| CVE-2026-30869 | Critical | github.com/siyuan-note/siyuan/kernel: SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret… |
| CVE-2026-29183 | Critical | github.com/siyuan-note/siyuan/kernel: SiYuan: Unauthenticated Reflected XSS via SVG Injection in /api/icon/getDynamicIcon Endpoint |
| CVE-2026-29073 | Medium | github.com/siyuan-note/siyuan/kernel: SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access |
| CVE-2026-25539 | Critical | github.com/siyuan-note/siyuan/kernel: SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE |
| CVE-2026-25992 | High | github.com/siyuan-note/siyuan/kernel: SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal |
| CVE-2026-23850 | High | github.com/siyuan-note/siyuan/kernel: SiYuan vulnerable to Arbitrary file Read / SSRF |
| CVE-2026-23851 | High | github.com/siyuan-note/siyuan/kernel: SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality |
| CVE-2026-23847 | Low | github.com/siyuan-note/siyuan/kernel: SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon |
| CVE-2026-23645 | Medium | github.com/siyuan-note/siyuan/kernel: SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload |
| GHSA-4R66-7RCV-X46X | High | github.com/siyuan-note/siyuan/kernel: SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin |
| CVE-2025-67488 | High | github.com/siyuan-note/siyuan/kernel: SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE |
| CVE-2025-21609 | High | github.com/siyuan-note/siyuan/kernel: SiYuan has an arbitrary file deletion vulnerability |
| CVE-2024-55657 | High | github.com/siyuan-note/siyuan/kernel: SiYuan has an arbitrary file read via /api/template/render |
| CVE-2024-55658 | High | github.com/siyuan-note/siyuan/kernel: SiYuan has an arbitrary file read and path traversal via /api/export/exportResources |
| CVE-2024-55659 | High | github.com/siyuan-note/siyuan/kernel: SiYuan has an arbitrary file write in the host via /api/asset/upload |
