Package impact
Go / github.com/siyuan-note/siyuan/kernel
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45371 | high | — | 8.0 | 15d ago | SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs | |||
| CVE-2026-23850 | high | 7.5 | 7.5 | 4mo ago | SiYuan vulnerable to Arbitrary file Read / SSRF in github.com/siyuan-note/siyuan/kernel | |||
| CVE-2026-45148 | medium | 4.3 | 4.3 | 15d ago | SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode | |||
| CVE-2026-45147 | medium | 4.3 | 4.3 | 15d ago | SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk |