joplin

Security Risk Profile

/100

low

Security Risk Score

Comprehensive risk assessment based on 11 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from June 21, 2024 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

7.7

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

35/100

low

📈 2 in Last 30 Days

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

XSS

Code Injection

Infoleak

Path Traversal

Input Validation

Most Affected Products

1. Joplin Joplin8

2. Joplin Project Joplin5

3. Joplin Joplin Server2

4. Joplin Server1

Recent Vulnerabilities

See more →

CVE-2026-34600

CVSS 5.7medium

Joplin Server delta API returns note content after share access is revoked

5/19/2026🔧 No Patch

CVE-2025-57798

CVSS 5.5medium

Joplin has Denial of Service (DoS) via Uncontrolled Resource Allocation through Title Input

5/19/2026🔧 No Patch

CVE-2025-27134

CVSS 8.8high

Privilege escalation in Joplin server via user patch endpoint

4/30/2025

CVE-2025-27409

CVSS 7.5high

Joplin Server Vulnerable to Path Traversal

4/30/2025

CVE-2025-25187

CVSS 7.8EPSS 0%high

Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

2/7/2025🔧 No Patch

CVE-2025-24028

CVSS 9.6EPSS 0%critical

Cross-site Scripting (XSS) in Rich Text Editor allows arbitrary code execution in Joplin

2/7/2025

CVE-2024-55630

CVSS 5.5medium

DOM Clobbering leads to temporary DOS in the note viewer in Joplin

2/7/2025

CVE-2024-53268

CVSS 8.8high

Lack of validation on openExternal allows 1 click remote code execution in joplin

11/25/2024🔧 No Patch

CVE-2023-37898

CVSS 8.2high

Safe mode Cross-site Scripting (XSS) vulnerability in Joplin

6/21/2024🔧 No Patch

CVE-2023-38506