VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/siyuan-note/siyuan/kernel

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44670 critical 9.5 15d ago SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE
CVE-2026-44588 critical 9.5 15d ago SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)
CVE-2026-45375 critical 9.0 9.0 15d ago SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
CVE-2026-45148 medium 4.3 4.3 15d ago SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode
CVE-2026-45147 medium 4.3 4.3 15d ago SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk