Product
joplin project joplin
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-22810, affected versions: < 3.5.7
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7

CVE-2025-27409, affected versions: < 3.3.3
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks

CVE-2025-27134, affected versions: < 3.3.3
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks

CVE-2025-25187, affected versions: < 3.1.24
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks

CVE-2025-24028, affected versions: < 3.2.12
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks

CVE-2024-55630, affected versions: < 3.2.8
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks

CVE-2024-53268, affected versions: < 3.0.3
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In af

CVE-2024-49362, affected versions: < 3.1
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code exec

CVE-2024-40643, affected versions: < 3.0.15
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non lett

CVE-2023-45673, affected versions: < 2.13.3
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions

CVE-2023-39517, affected versions: < 2.12.8
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions a

CVE-2023-38506, affected versions: < 2.12.10
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrust

CVE-2023-37898, affected versions: < 2.12.9
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted no

CVE-2023-37299, affected versions: < 2.11.5
Joplin before 2.11.5 allows XSS via an AREA element of an image map.

CVE-2023-37298, affected versions: < 2.11.5
Joplin before 2.11.5 allows XSS via a USE element in an SVG document.

CVE-2022-45598, affected versions: < 2.9.17
Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper san

CVE-2022-40277, affected versions: all versions
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malic

CVE-2022-35131, affected versions: all versions
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.

CVE-2021-33295, affected versions: < 1.8.5
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to impro

CVE-2022-23340, affected versions: all versions
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.

CVE-2021-23431, affected versions: < 2.3.2
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.

CVE-2021-37916, affected versions: < 2.0.9
Joplin before 2.0.9 allows XSS via button and form in the note body.

CVE-2020-28249, affected versions: all versions
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.

CVE-2020-15930, affected versions: >= 1.0.190 and <= 1.0.245
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.

CVE-2020-9038, affected versions: <= 1.0.184
Joplin through 1.0.184 allows Arbitrary File Read via XSS.

CVE-2018-1000534, affected versions: < 1.0.90
Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular Brow