Siyuan CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor B3log Subscriptions

Filtered by product Siyuan Subscriptions

Search

Switch to Advanced Search (Beta)

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-2692	1 B3log	1 Siyuan	2025-05-13	9.6 Critical
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.
CVE-2024-53505	2 B3log, Siyuan	2 Siyuan, Siyuan	2025-04-14	9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.
CVE-2024-53506	2 B3log, Siyuan	2 Siyuan, Siyuan	2025-04-14	9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.
CVE-2024-53507	2 B3log, Siyuan	2 Siyuan, Siyuan	2025-04-14	9.8 Critical
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.
CVE-2024-53504	2 B3log, Siyuan	2 Siyuan, Siyuan	2025-04-14	9.8 Critical
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.

Page 1 of 1.