Plainpad

Productivity & Wikis

Plainpad is a self‑hosted note taking application.

PHP · Latest 1.1.1 · 1mo ago

Features

  • Self‑hosted note taking
  • Runs on your own server with full data ownership
  • Docker‑based deployment for easy setup

Recent releases

1.1.1 Security relevant
Security fixes
  • Privilege escalation vulnerability allowing authenticated users to grant themselves admin
  • Account enumeration and unauthenticated account-lockout abuse on password recovery endpoint
  • Unsafe ORDER BY injection on user and note list endpoints
Full changelog

Plainpad is a self-hosted, open source note taking application that is very easy to set up on your server.

This is a stable release; you can use it in production environments and/or update your existing installations.

https://plainpad.org/

[1.1.1] - 2026-04-23

Fixed

  • Fix privilege-escalation vulnerability allowing any authenticated user to grant themselves admin (#138)
  • Prevent account enumeration and unauthenticated account-lockout abuse on the password recovery endpoint
  • Whitelist sortable columns and sort direction on user and note list endpoints to prevent unsafe ORDER BY input
  • Add form validation rules to the user modal

--

Alex Tselegidis, Plainpad Creator

About

Stars
399
Forks
34
Languages
PHP JavaScript SCSS

Install & Platforms

Install via
docker
Platforms
windows linux
