VYPR
Vendor: Triliumnext

Products: 2
CVEs: 11
Across products: 12
Status: Private

Recent CVEs (11)
  • CVE-2026-45668 | Cri | May 29, 2026
    risk 0.53 | cvss | epss 0.00

    Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via #docName path traversal and XSS by combining a payload note…

  • CVE-2026-39310 | Hig | May 20, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3) allows full authentication bypass when running in an Electron environment.…

  • CVE-2025-53544 | Hig | Aug 5, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to…

  • CVE-2026-39311 | Med | May 20, 2026
    risk 0.37 | cvss 6.8 | epss 0.00

    Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy (CSP) and a…

  • CVE-2026-35593 | Med | May 20, 2026
    risk 0.37 | cvss 6.8 | epss 0.01

    Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the…

  • CVE-2026-39309 | Med | May 20, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading…

  • CVE-2025-68621 | Feb 6, 2026
    risk 0.00 | cvss | epss 0.01

    Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers…

  • CVE-2023-3067 | Jun 2, 2023
    risk 0.00 | cvss | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4.

  • CVE-2022-2365 | Jul 10, 2022
    risk 0.00 | cvss | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.53.3.

  • CVE-2022-2290 | Jul 3, 2022
    risk 0.00 | cvss | epss 0.03

    Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.

  • CVE-2021-43745 | Feb 24, 2022
    risk 0.00 | cvss | epss 0.00

    A Denial of Service vulnerability exists in Trilium Notes 0.48.6 in the setupPage function.