Package impact
Go / github.com/siyuan-note/siyuan/kernel
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44670 | critical | — | 9.5 | 16d ago | SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE | |||
| CVE-2026-44588 | critical | — | 9.5 | 16d ago | SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) | |||
| CVE-2026-45375 | critical | 9.0 | 9.0 | 16d ago | SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution | |||
| CVE-2026-45371 | high | — | 8.0 | 16d ago | SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs | |||
| CVE-2026-23850 | high | 7.5 | 7.5 | 4mo ago | SiYuan vulnerable to Arbitrary file Read / SSRF in github.com/siyuan-note/siyuan/kernel |