Product
SiYuan versions 3.6.3 and below are vulnerable to arbitrary code execution due to insecure rendering of Mermaid diagrams, allowing injected javascript: URLs within Mermaid code blocks to execute arbitrary code when a victim opens a note containing a malicious Mermaid block and clicks the rendered diagram node.