GNU Org Mode
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in GNU Org Mode.
By the Year
In 2026 there have been 0 vulnerabilities in GNU Org Mode. Org Mode did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 0.00 |
| 2023 | 1 | 7.80 |
It may take a day or so for new Org Mode vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNU Org Mode Security Vulnerabilities
Org Mode remote file trust in Emacs <29.3 / <9.6.23
CVE-2024-30205
- March 25, 2024
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Emacs <=29.2: Default LaTeX Preview in email attachments triggers code exec
CVE-2024-30204
- March 25, 2024
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
GNU Emacs Gnus Inline MIME Trust Bypass before 29.3
CVE-2024-30203
- March 25, 2024
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Emacs<=29.3 Org Mode XSS: Eval arbitrary Lisp code before 9.6.23
CVE-2024-30202
- March 25, 2024
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Org Mode 9.6.1 Shell Metachar Abuse in ob-latex Execute
CVE-2023-28617
7.8 - High
- March 19, 2023
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for GNU Org Mode or by GNU? Click the Watch button to subscribe.
