📦 HedgeDoc

by HedgeDoc

⚠️ Known Vulnerabilities

CVE-2021-29475

CRITICAL CVSS 10.0 Apr 26, 2021

CVE-2021-29475 is a critical file disclosure vulnerability in HedgeDoc (formerly CodiMD) where attackers can read arbitrary files from the filesystem when exporting notes to PDF. This affects all Hedg...

CVE-2021-39175

HIGH CVSS 8.1 Aug 30, 2021

CVE-2021-39175 is a cross-site scripting (XSS) vulnerability in HedgeDoc that allows unauthenticated attackers to inject malicious JavaScript into slide-mode speaker notes. This affects all HedgeDoc i...

CVE-2021-29503

HIGH CVSS 8.1 May 19, 2021

This CVE describes a stored cross-site scripting (XSS) vulnerability in HedgeDoc's YAML metadata processing. Attackers with write access to notes can inject malicious JavaScript via Open Graph metadat...

CVE-2026-25642

MEDIUM CVSS 4.3 Feb 6, 2026

This vulnerability in HedgeDoc allows attackers to host malicious interactive web content, such as fake login forms, via SVG files uploaded to the /uploads/ endpoint due to an overly permissive Conten...

CVE-2025-66629

LOW CVSS 3.7 Dec 5, 2025

HedgeDoc versions before 1.10.4 have CSRF vulnerabilities in OAuth2 endpoints for social login providers like Google, GitHub, GitLab, Facebook, and Dropbox. Attackers can trick authenticated users int...