Launch Week Day 1: Announcing Security Design Review

SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin in github.com/siyuan-note/siyuan/kernel

GO-2025-4219 · GHSA-4r66-7rcv-x46x

Published Dec 15, 2025 · Modified Mar 3, 2026

Description

SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin in github.com/siyuan-note/siyuan/kernel

References

ADVISORY https://github.com/siyuan-note/siyuan/security/advisories/GHSA-4r66-7rcv-x46x

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes