github.com/siyuan-note/siyuan/kernel vulnerabilities
47 known vulnerabilities affecting github.com/siyuan-note_siyuan_kernel.
Total CVEs: 47
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: CRITICAL 12 | HIGH 20 | MEDIUM 14 | LOW 1
Vulnerabilities
Page 3 of 3
CVE-2026-40107 | P3 | HIGH | affected: ≥ 0, < 0.0.0-20260407035653-2f416e5253f1 | 2026-04-10
CVE-2026-40107 [HIGH] CWE-918 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
SiYuan configures Mermaid.js with `securityLevel: "loose"` and `htmlLabels: true`. In this mode, `<img>` tags with `src` attributes survive Mermaid's internal DOMPurify pass and land in SVG `<foreignObject>` blocks. The SVG is injected via `innerHTML` with no secondary sanitization. When a victim opens a note c
Sources: GHSA
CVE-2026-32747 | P4 | MEDIUM | affected: ≥ 0, ≤ 0.0.0-20260313024916-fd6526133bb3 | 2026-03-16
CVE-2026-32747 [MEDIUM] CWE-184 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets
### Summary
POST /api/file/globalCopyFiles reads source files using filepath.Abs() with no workspace boundary check, relying solely on util.IsSensitivePath(), whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ o
Sources: GHSA, OSV
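The two designs this entry contrasts, as an added example that is not SiYuan's code (neither util.IsSensitivePath nor the globalCopyFiles handler): a denylist of the shape the advisory criticises beside a workspace-boundary check built on filepath.Rel. The denylist entries, the workspace path, the probe paths and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed denylist with the shape the advisory describes: a few
// well-known files, nothing under /proc, /run/secrets or $HOME dotfiles.
// Hypothetical entries, not the real util.IsSensitivePath list.
var denylist = []string{"/etc/passwd", "/etc/shadow", "/root/.ssh"}

// sensitiveByDenylist is the blocklist approach: it can only reject what
// someone remembered to enumerate, so /proc/1/environ passes straight through.
func sensitiveByDenylist(p string) bool {
	abs, err := filepath.Abs(p)
	if err != nil {
		return true // fail closed on unresolvable input
	}
	for _, d := range denylist {
		if abs == d || strings.HasPrefix(abs, d+string(filepath.Separator)) {
			return true
		}
	}
	return false
}

// insideWorkspace is the allowlist approach: resolve the candidate, then
// require that the cleaned path stays below the workspace root. filepath.Rel
// yields a ".."-prefixed result for anything that escapes, including sibling
// directories that merely share a string prefix (/srv/ws vs /srv/ws-evil),
// which a naive strings.HasPrefix(abs, root) check would wrongly accept.
func insideWorkspace(workspace, p string) bool {
	root, err := filepath.Abs(workspace)
	if err != nil {
		return false
	}
	var target string
	if filepath.IsAbs(p) {
		target = filepath.Clean(p)
	} else {
		target = filepath.Join(root, p) // Join cleans, so ../ hops are folded in
	}
	rel, err := filepath.Rel(root, target)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

func main() {
	const ws = "/srv/workspace" // constructed workspace root
	for _, p := range []string{
		"/proc/1/environ",
		"/run/secrets/db_password",
		"/etc/shadow",
		"assets/image.png",
		"assets/../../etc/passwd",
		"/srv/workspace-evil/notes.sy",
	} {
		fmt.Printf("%-32s denylist=%-5v containment=%v\n",
			p, sensitiveByDenylist(p), insideWorkspace(ws, p))
	}
}
```

The containment check operates on the lexical path only; for files that exist, run filepath.EvalSymlinks on the candidate before filepath.Rel so a symlink planted inside the workspace cannot point back out. That step is omitted here so the example runs on paths that need not exist.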
CVE-2024-55659 | P4 | HIGH | affected: ≥ 0, ≤ 0.0.0-20241210012039-5129ad926a21 | 2024-12-11
CVE-2024-55659 [HIGH] CWE-22 SiYuan has an arbitrary file write in the host via /api/asset/upload
### Summary
The /api/asset/upload endpoint in SiYuan is vulnerable to both arbitrary file write on the host and stored XSS (via that file write).
### Impact
Arbitrary file write
Sources: GHSA, OSV
CVE-2026-23847 | P4 | LOW | affected: ≥ 0, < 0.0.0-20260118021606-5c0cc375b475 | 2026-01-21
CVE-2026-23847 [LOW] CWE-79 SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon
### Summary
Reflected XSS in /api/icon/getDynamicIcon due to unsanitized SVG input.
### Details
The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the SVG tag without XML escaping. Since the response Content-Type is image/svg+xml, injecting unescaped
Sources: GHSA, OSV
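The defect class in this entry, as an added example that is not SiYuan's getDynamicIcon handler: a minimal text-icon renderer that interpolates a query parameter into an SVG `<text>` element, beside the escaped form, with a regression check that flags any element the fixed template did not emit. The function names, the SVG template and the payload are constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// Fixed template; the only elements it ever emits are svg and text.
const iconTemplate = `<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64"><text x="8" y="40">%s</text></svg>`

// renderIconVulnerable builds the icon the way the advisory describes: the
// caller-controlled content lands in the document with no XML escaping, so a
// "<script>" in the content parameter becomes a real element in a response
// served as image/svg+xml. Hypothetical code, not the project's handler.
func renderIconVulnerable(content string) string {
	return fmt.Sprintf(iconTemplate, content)
}

// renderIconSafe escapes the five XML-predefined characters (<, >, &, ", ')
// before interpolation, so attacker text can never open a new element.
// html.EscapeString emits numeric references (&#34;, &#39;) for the quotes,
// which are valid in XML as well as HTML, so the SVG stays well-formed.
func renderIconSafe(content string) string {
	return fmt.Sprintf(iconTemplate, html.EscapeString(content))
}

// introducesElement reports whether the rendered document contains a tag
// other than the ones iconTemplate itself emits. With a fixed template this
// is a cheap output-encoding regression check for a test suite.
func introducesElement(svg string) bool {
	allowed := []string{"<svg", "</svg", "<text", "</text"}
	lower := strings.ToLower(svg)
	for i := 0; i < len(lower); i++ {
		if lower[i] != '<' {
			continue
		}
		ok := false
		for _, a := range allowed {
			if strings.HasPrefix(lower[i:], a) {
				ok = true
				break
			}
		}
		if !ok {
			return true
		}
	}
	return false
}

func main() {
	// Constructed payload: a bare script element is enough, since a top-level
	// SVG document executes script elements wherever they appear.
	payload := `<script>alert(document.domain)</script>`
	fmt.Println("vulnerable introduces element:", introducesElement(renderIconVulnerable(payload)))
	fmt.Println("safe introduces element:      ", introducesElement(renderIconSafe(payload)))
	fmt.Println(renderIconSafe(payload))
}
```

Escaping the text node fixes the injection the advisory names; if the same parameter were ever placed in an attribute, the attribute context needs quoting as well, which html.EscapeString also covers because it escapes both quote characters.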
CVE-2026-23645 | P4 | MEDIUM | affected: ≥ 0, < 0.0.0-20260116101155-11115da3d0de | 2026-01-16
CVE-2026-23645 [MEDIUM] CWE-79 SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload
### Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the cont
Sources: GHSA, OSV
CVE-2026-45148 | P4 | MEDIUM | affected: ≥ 0, < 0.0.0-20260512140701-d7b77d945e0d | 2026-05-13
CVE-2026-45148 [MEDIUM] CWE-863 SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode
### Summary
The advisory `GHSA-c77m-r996-jr3q` patched `getBookmark` so that, when invoked by a publish-mode `RoleReader`, results are filtered through `FilterBlocksByPublishAccess` to remove entries from password-protected / publish-ig
Sources: GHSA
CVE-2026-45147 | P4 | MEDIUM | affected: ≥ 0, < 0.0.0-20260512140701-d7b77d945e0d | 2026-05-13
CVE-2026-45147 [MEDIUM] CWE-285 SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk
### Summary
`POST /api/tag/getTag` is registered with `model.CheckAuth` only, omitting both `model.CheckAdminRole` and `model.CheckReadonly`, despite the handler performing a configuration write that is normally guarded by both. Any authentic
Sources: GHSA
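The route-registration defect this entry describes, as an added example that is not SiYuan's Gin router or its model.CheckAuth, CheckAdminRole and CheckReadonly middleware: a net/http chain in which a handler that writes configuration is registered once behind authentication alone and once behind the admin and read-only guards as well, then probed by a reader-role caller. Role lookup from an X-Role header, the `tagSort` variable standing in for the persisted setting, and the probe helper are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// tagSort stands in for a persisted configuration field such as the
// Conf.Tag.Sort value named in the advisory (constructed, not the real struct).
var tagSort = "name"

// roleOf derives the caller's role from a header purely for the demo; a real
// kernel would read it from the authenticated session.
func roleOf(r *http.Request) string { return r.Header.Get("X-Role") }

// checkAuth only establishes that the caller is logged in at all.
func checkAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if roleOf(r) == "" {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// checkAdminRole refuses every non-admin caller, publish-mode readers included.
func checkAdminRole(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if roleOf(r) != "admin" {
			http.Error(w, "admin role required", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// checkReadonly refuses writes while the instance is in read-only mode.
func checkReadonly(readonly *bool) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if *readonly {
				http.Error(w, "read-only mode", http.StatusForbidden)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// getTag reads like a query endpoint by name but persists a sort setting
// whenever one is supplied, which is exactly why it needs the write guards.
func getTag(w http.ResponseWriter, r *http.Request) {
	if s := r.URL.Query().Get("sort"); s != "" {
		tagSort = s // configuration write hidden inside a "get"
	}
	fmt.Fprintf(w, "sort=%s\n", tagSort)
}

// newRouter registers /api/tag/getTag either the way the advisory describes
// (CheckAuth only) or behind the full guard chain.
func newRouter(guardWrites bool, readonly *bool) http.Handler {
	mux := http.NewServeMux()
	var h http.Handler = http.HandlerFunc(getTag)
	if guardWrites {
		h = checkAdminRole(checkReadonly(readonly)(h))
	}
	mux.Handle("/api/tag/getTag", checkAuth(h))
	return mux
}

// probeAsReader resets the setting, lets a reader-role caller attempt the
// mutation, and returns the status code and the setting afterwards.
func probeAsReader(guardWrites bool) (int, string) {
	tagSort = "name"
	readonly := false
	req := httptest.NewRequest(http.MethodPost, "/api/tag/getTag?sort=evil", nil)
	req.Header.Set("X-Role", "reader")
	rec := httptest.NewRecorder()
	newRouter(guardWrites, &readonly).ServeHTTP(rec, req)
	return rec.Code, tagSort
}

func main() {
	code, v := probeAsReader(false)
	fmt.Printf("auth only:   %d tagSort=%q\n", code, v)
	code, v = probeAsReader(true)
	fmt.Printf("full guards: %d tagSort=%q\n", code, v)
}
```

The useful habit this shows is to classify routes by what the handler does, not by what its name suggests: anything that assigns to configuration and persists it gets the write guards regardless of being called getSomething.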