Vulnerabilities > Obsidian > Obsidian > 0.10.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-19 | CVE-2023-2110 | Path Traversal vulnerability in Obsidian Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". | 7.1 |
| 2023-05-20 | CVE-2023-33244 | Unspecified vulnerability in Obsidian Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. | 8.2 |
| 2021-08-07 | CVE-2021-38148 | Unspecified vulnerability in Obsidian Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs. | 7.5 |