Package impact
GO / github.com/siyuan-note/siyuan/kernel
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44670 | critical | — | 9.5 | 16d ago | SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE | |||
| CVE-2026-44588 | critical | — | 9.5 | 16d ago | SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) | |||
| CVE-2026-45375 | critical | 9.0 | 9.0 | 16d ago | SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution |