Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) @joplin/lib is a joplin core library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `onload` attribute of images copied and pasted into the rich text editor. How to fix Cross-site Scripting (XSS)? Upgrade `@joplin/lib` to version 2.12.1 or higher.	<2.12.1
H Cross-site Scripting (XSS) @joplin/lib is a joplin core library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via note titles, due to unescaped user input reaching `GotoAnything.tsx`. This may lead to Remote Code Execution. How to fix Cross-site Scripting (XSS)? Upgrade `@joplin/lib` to version 2.9.1 or higher.	<2.9.1

Go back to all versions of this package