2
0
1
1
Vulnerability Timeline
2 vulnerabilities discovered over time for Siyuan
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-29183 | 6.1 | This vulnerability allows an attacker to inject malicious JavaScript into the SiYuan web application, which can then execute actions on behalf of a logged-in user if they click on a crafted link. It can be exploited without any authentication, making it particularly dangerous for users who might unknowingly open the link. | b3logsiyuan | Theoretical | about 1 month agoMar 6, 2026 |
| CVE-2026-29073 | 5.7 | This vulnerability allows any logged-in user, including those with just read access, to execute any SQL query on the database, potentially exposing or altering sensitive data. It affects versions prior to 3.6.0 and is fixed in that version, so users should update to secure their systems. | b3logsiyuan | Theoretical | about 1 month agoMar 6, 2026 |
About B3log Siyuan Security
This page provides comprehensive security vulnerability tracking for B3log Siyuan. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Siyuan updated to the latest version
- • Subscribe to security advisories from B3log
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately