Every CVE whose affected-product data names Joplin Project Joplin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2022-23340 — CVSS 9.8 (critical): Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.
CVE-2024-40643 — CVSS 9.6 (critical): Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter…
CVE-2023-45673 — CVSS 8.9 (high): Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows…
CVE-2025-27134 — CVSS 8.8 (high): Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior…
CVE-2023-38506 — CVSS 8.2 (high): Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data…
CVE-2023-39517 — CVSS 8.2 (high): Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows…
CVE-2023-37898 — CVSS 8.2 (high): Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened…
CVE-2025-25187 — CVSS 7.8 (high): Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This…
CVE-2025-24028 — CVSS 7.8 (high): Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This…
CVE-2024-49362 — CVSS 7.7 (high): Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution…
CVE-2025-27409 — CVSS 7.5 (high): Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior…
CVE-2024-53268 — CVSS 7.2 (high): Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected…
CVE-2022-45598 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper santization.
CVE-2018-1000534 — CVSS 6.1 (medium): Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow…
CVE-2021-33295 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper…
CVE-2024-55630 — CVSS 3.3 (low): Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks…