[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-40322":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-17T02:13:50.074Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":63,"aliases":64,"duplicate_of":9,"upstream":65,"downstream":66,"duplicates":67,"related":68,"reserved_at":9,"published_at":69,"modified_at":69,"state":70,"summary":71,"references_raw":78,"kevs":90,"epss":9,"epss_history":91,"metrics":92,"affected":101},"CVE-2026-40322","SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to \"loose\", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to survive into the rendered output. On desktop builds using Electron, windows are created with nodeIntegration enabled and contextIsolation disabled, escalating the stored XSS to arbitrary code execution when a victim opens a note containing a malicious Mermaid block and clicks the rendered diagram node. This issue has been fixed in version 3.6.4.",null,[11,44],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],{"_key":45,"id":45,"name":46,"description":47,"type":15,"status":48,"abstraction":17,"likelihood_of_exploit":49,"capec":50},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","Draft","Medium",[51,55,59],{"id":52,"name":53,"techniques":54},"CAPEC-242","Code Injection",[],{"id":56,"name":57,"techniques":58},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[],{"id":60,"name":61,"techniques":62},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[],[],[],[],[],"2026-04-16T23:00:07.719Z","Received",{"cisa_kev":72,"cisa_ransomware":72,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":73,"severity_score":74,"severity_version":75,"severity_source":76,"severity_vector":77,"severity_status":70},false,"critical",9.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",[79,85],{"url":80,"sources":81,"tags":83},"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x63q-3rcj-hhp5",[76,82],"nvd",[84],"X Refsource CONFIRM",{"url":86,"sources":87,"tags":88},"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4",[76,82],[89],"X Refsource MISC",[],[],[93,98],{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":94,"cvss_v4_0":9},{"baseScore":74,"baseSeverity":95,"vectorString":77,"impactScore":96,"exploitabilityScore":97},"CRITICAL",10,5.9,{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":99,"cvss_v4_0":9},{"baseScore":100,"baseSeverity":95,"vectorString":77,"impactScore":96,"exploitabilityScore":97},9,[102],{"ecosystem":9,"name":103,"vendor":104,"product":103,"cpe_part":105,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":106},"siyuan","siyuan-note","a",[107],{"version":108,"is_range":109,"range_type":76,"version_start":9,"version_start_type":9,"version_end":110,"version_end_type":111,"fixed_in":9},"\u003C 3.6.4",true,"3.6.4","excluding"]