Microsoft Onenote
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Onenote.
Recent Microsoft Onenote Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-29822 | CVE-2025-29822 Microsoft OneNote Security Feature Bypass Vulnerability | April 8, 2025 |
| CVE-2025-21402 | CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability | January 14, 2025 |
| CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | February 13, 2024 |
| CVE-2023-36769 | Microsoft OneNote Spoofing Vulnerability | August 15, 2023 |
| CVE-2023-33140 | Microsoft OneNote Spoofing Vulnerability | June 13, 2023 |
| CVE-2023-21721 | Microsoft OneNote Spoofing Vulnerability | February 14, 2023 |
| CVE-2022-44691 | Microsoft Office OneNote Remote Code Execution Vulnerability | December 13, 2022 |
By the Year
In 2025 there have been 1 vulnerability in Microsoft Onenote with an average score of 7.8 out of ten. Last year, in 2024 Onenote had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Onenote in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.70.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 7.80 |
| 2024 | 1 | 7.10 |
| 2023 | 3 | 6.13 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Onenote vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Onenote Security Vulnerabilities
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21402
7.8 - High
- January 14, 2025
Microsoft Office OneNote Remote Code Execution Vulnerability
Improper Restriction of Names for Files and Other Resources
Microsoft OneNote Library Injection Vulnerability on macOS
CVE-2024-41159
7.1 - High
- December 18, 2024
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Improper Verification of Cryptographic Signature
Microsoft OneNote Spoofing Vulnerability
CVE-2023-36769
5.4 - Medium
- November 06, 2023
Microsoft OneNote Spoofing Vulnerability
Microsoft OneNote Spoofing Vulnerability
CVE-2023-33140
6.5 - Medium
- June 14, 2023
Microsoft OneNote Spoofing Vulnerability
Microsoft OneNote Elevation of Privilege Vulnerability
CVE-2023-21721
6.5 - Medium
- February 14, 2023
Microsoft OneNote Elevation of Privilege Vulnerability
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file
CVE-2014-2815
8.8 - High
- August 12, 2014
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Onenote or by Microsoft? Click the Watch button to subscribe.
