Security: TriliumNext/Trilium
Security
SECURITY.md
In the (still active) 0.X phase of the project, only the latest stable minor release gets bugfixes (including security fixes).
For example, if the latest stable version is 0.42.3 and the latest beta version is 0.43.0-beta, then the 0.42 line will still get security fixes, but older versions (like 0.41.X) won't get any fixes.
The description above is a general rule and may be altered on a case-by-case basis.
You can report low-severity vulnerabilities as GitHub issues; more severe vulnerabilities should be reported by email to contact@eliandoran.me
- Timing Attack Vulnerability in /api/login/sync (CWE-208), GHSA-hxf6-58cx-qq3x, published Feb 6, 2026 by perfectra1n, severity: High
- Brute-force Protection Bypass via Initial Sync Seed Retrieval, GHSA-hw5p-ff75-327r, published Aug 3, 2025 by perfectra1n, severity: High
Learn more about advisories related to TriliumNext/Trilium in the GitHub Advisory Database