SiYuan

by Yunnan Liandi Technology Co., Ltd.v3.6.5

Last updated Jun 8, 2026

The next generation PKM system, your digital garden

Install with winget

$ winget install --id B3log.SiYuan --exact --version 3.6.5

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for SiYuan

SiYuan uses EXE (NSIS). The silent install switches are /S.

One-line silent install (x64, user scope)

siyuan-3.6.5-win.exe /S /currentuser

See the full silent install reference for SiYuan →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

SiYuan is a local-first personal knowledge management system, support fine-grained block-level reference and Markdown WYSIWYG.

Installers · v3.6.5

Architecture	Type	Scope	Download
x64	EXE NSIS	user	Direct
x64	EXE NSIS	machine	Direct
arm64	EXE NSIS	user	Direct
arm64	EXE NSIS	machine	Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

medium5.4Patched in wingetCVE-2026-40922affects before 3.6.4Apr 16, 2026
SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix bl...
Patch
critical9.0Patched in wingetCVE-2026-40322affects before 3.6.4Apr 16, 2026
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid...
high8.5Patched in wingetCVE-2026-40318affects before 3.6.4Apr 16, 2026
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject...
high8.1Patched in wingetCVE-2026-40259affects before 3.6.4Apr 16, 2026
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id direct...
medium6.5Patched in wingetCVE-2026-40107affects before 3.6.4Apr 9, 2026
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive Mermaid's internal DOMPurify and land in SVG <foreignObject> blocks. The SVG is i...
Vendor advisory
critical9.0Patched in wingetCVE-2026-39846affects before 3.6.4Apr 7, 2026
SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped int...
Vendor advisory
medium6.1Patched in wingetCVE-2026-34605affects before 3.6.2Mar 31, 2026
SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such a...
Vendor advisory
high8.6Patched in wingetCVE-2026-34585affects before 3.6.2Mar 31, 2026
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a...
Vendor advisory

Showing 8 of 25. Source: NVD, updated 4h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Wondershare PDFelementWondershare
Wondershare.PDFelement.12v12.1.23
Take control of your documents with this powerful PDF editor.
Notepad++Notepad++ Team
Notepad++.Notepad++v8.9.6.4
Notepad++ is a free source code editor that supports several languages.
Microsoft Visual Studio CodeMicrosoft Corporation
Microsoft.VisualStudioCodev1.124.2
Microsoft Visual Studio Code is a code editor redefined and optimized for building and debugging modern web and cloud applications. Microsoft Visual Studio Code is free and available on your favorite platform - Linux, macOS, and Windows.
A
Adobe Acrobat ProAdobe
Adobe.Acrobat.Prov26.001.21529
Collaborate With Your Clients — Review Documents In Real Time With Your Team, Wherever and Whenever You Want. Edit, Sign, Share, Protect & Search PDF's On Any Device.
LLM Wikillmwiki
nashsu.LLMWikiv0.4.23
A personal knowledge base that builds itself. LLM reads your documents, builds a structured wiki, and keeps it current.
CapCutBytedance Pte. Ltd.
ByteDance.CapCutv8.7.0.3685
A video editing tool packed with features on your desktop or laptop

Frequently asked questions

How do I install SiYuan on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id B3log.SiYuan --exact --version 3.6.5. winget downloads the installer from Yunnan Liandi Technology Co., Ltd. and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install SiYuan silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id B3log.SiYuan --exact 3.6.5 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for SiYuan?

SiYuan uses EXE (NSIS). Run the downloaded installer with: siyuan-3.6.5-win.exe /S /currentuser. The silent switches are /S.

How do I uninstall SiYuan via winget?

Run: winget uninstall --id B3log.SiYuan --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from SiYuan's Apps & Features entry.

Is SiYuan free?

SiYuan is distributed under AGPL-3.0. Refer to the publisher (https://b3log.org/siyuan/en) for the full license terms - Wingetly itself does not charge for installation.

Does SiYuan work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls SiYuan directly from the publisher.

How do I keep SiYuan up to date?

Run winget upgrade --id B3log.SiYuan --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of SiYuan from microsoft/winget-pkgs.

Recent versions

3.6.5latest
3.6.4
3.6.3
3.6.2
3.6.1
3.6.0
3.5.10
3.5.9
3.5.8
3.5.7