Vulnerabilities > Obsidian > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-25 CVE-2022-36450 Improper Input Validation vulnerability in Obsidian
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.
network
low complexity
obsidian CWE-20
critical
 9.8
9.8
2021-08-07 CVE-2021-38148 Unspecified vulnerability in Obsidian
Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs.
network
low complexity
obsidian
critical
 9.8
9.8