1.6.4

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-12	CVE-2024-41481	Cross-site Scripting vulnerability in Typora Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. network low complexity typora CWE-79	6.1
2024-08-12	CVE-2024-41482	Cross-site Scripting vulnerability in Typora Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. network low complexity typora CWE-79	6.1
2023-09-01	CVE-2023-39703	Cross-site Scripting vulnerability in Typora A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file. network low complexity typora CWE-79	6.1
2023-08-19	CVE-2023-2316	Path Traversal vulnerability in Typora Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". network low complexity typora CWE-22	7.4
2023-08-19	CVE-2023-2317	Cross-site Scripting vulnerability in Typora DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. network low complexity typora CWE-79 critical	9.6
2023-08-19	CVE-2023-2971	Path Traversal vulnerability in Typora Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". network low complexity typora CWE-22	6.5
2022-12-23	CVE-2022-40011	Cross-site Scripting vulnerability in Typora Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbitrary code via export from editor. network low complexity typora CWE-79	6.1