SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel
javascript:
{ "url": "https://pkg.go.dev/vuln/GO-2026-4669", "review_status": "UNREVIEWED" }
"https://vuln.go.dev/ID/GO-2026-4669.json"