Trilium
by Triliumnext
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45668 | Triliumnext / Trilium | Cri | 0.53 | — | 0.00 | | May 29, 2026 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via #docName path traversal and XSS by combining a payload note… |
| CVE-2026-39310 | Triliumnext / Trilium | Hig | 0.49 | 8.6 | 0.00 | | May 20, 2026 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3) allows full authentication bypass when running in an Electron environment.… |
| CVE-2025-53544 | Triliumnext / Trilium | Hig | 0.42 | 7.5 | 0.00 | | Aug 5, 2025 | Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to… |
| CVE-2026-39311 | Triliumnext / Trilium | Med | 0.37 | 6.8 | 0.00 | | May 20, 2026 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy (CSP) and a… |
| CVE-2026-35593 | Triliumnext / Trilium | Med | 0.37 | 6.8 | 0.01 | | May 20, 2026 | Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the… |
| CVE-2026-39309 | Triliumnext / Trilium | Med | 0.29 | 5.5 | 0.00 | | May 20, 2026 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading… |
| CVE-2025-68621 | Triliumnext / Trilium | | 0.00 | — | 0.01 | | Feb 6, 2026 | Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers… |
| CVE-2023-3067 | Triliumnext / Trilium | | 0.00 | — | 0.00 | | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. |
| CVE-2022-2365 | Triliumnext / Trilium | | 0.00 | — | 0.00 | | Jul 10, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.53.3. |
| CVE-2022-2290 | Triliumnext / Trilium | | 0.00 | — | 0.03 | | Jul 3, 2022 | Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. |
| CVE-2021-43745 | Triliumnext / Trilium | | 0.00 | — | 0.00 | | Feb 24, 2022 | A Denial of Service vulnerability exists in Trilium Notes 0.48.6 in the setupPage function. |