VYPR
Vendor: HedgeDoc
Products: 2
CVEs: 13 (across products: 15)
Status: Private

Products (2)

Recent CVEs (13)
  • CVE-2021-29474 | Medium | Apr 26, 2021
    risk 0.31 | CVSS 4.7 | EPSS 0.02

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you…

  • CVE-2026-25642 | Feb 6, 2026
    risk 0.00 | CVSS n/a | EPSS 0.00

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, files served below the /uploads/ endpoint were not served with a stricter security policy. This resulted in an overly permissive Content-Security-Policy and furthermore opened the possibility to…

  • CVE-2025-66629 | Dec 5, 2025
    risk 0.00 | CVSS n/a | EPSS 0.00

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and…

  • CVE-2025-32391 | Medium | Apr 10, 2025
    risk 0.00 | CVSS 6.4 | EPSS 0.00

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP…

  • CVE-2024-45308 | Medium | Sep 2, 2024
    risk 0.00 | CVSS 6.5 | EPSS 0.01

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is…

  • CVE-2023-38487 | Medium | Aug 4, 2023
    risk 0.00 | CVSS 6.5 | EPSS 0.01

    HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively…

  • CVE-2022-24837 | Medium | Apr 11, 2022
    risk 0.00 | CVSS 5.3 | EPSS 0.01

    HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant…

  • CVE-2021-39175 | High | Aug 30, 2021
    risk 0.00 | CVSS 8.1 | EPSS 0.01

    HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the…

  • CVE-2021-29503 | High | May 19, 2021
    risk 0.00 | CVSS 8.1 | EPSS 0.01

    HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note,…

  • CVE-2021-29475 | Critical | Apr 26, 2021
    risk 0.00 | CVSS 10.0 | EPSS 0.01

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, this exploit requires the…

  • CVE-2021-21259 | High | Jan 22, 2021
    risk 0.00 | CVSS 7.4 | EPSS 0.01

    HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the…

  • CVE-2020-26287 | High | Dec 29, 2020
    risk 0.00 | CVSS 8.7 | EPSS 0.01

    HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but…

  • CVE-2020-26286 | High | Dec 29, 2020
    risk 0.00 | CVSS 7.5 | EPSS 0.01

    HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should…