siyuan
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting siyuanpage 1 of 1
- CVE-2026-56395CRITICALCVSS 9.6EG 9.62026-06-21
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user brows…
- CVE-2026-56397CRITICALCVSS 9.6EG 9.62026-06-21
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user brows…
Check whether siyuan is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for siyuan CVEs against the assets you own.
Start Free Scan →