Joplin

joplinapp.org
Awesome PrivacyProductivityDigital NotesJoplin
Joplin

Cross-platform desktop and mobile note-taking and todo app. Easy organisation into notebooks and sections, revision history and a simple UI. Allows for easy import and export of notes to or from other services. Supports synchronisation with cloud services, implemented with E2EE.

Avoid

  • evernote
  • microsoft onenote
  • google keep
  • apple notes
  • simplenote
  • notion

Also Consider

Security Audited Open Source

Joplin Privacy Policy

Privacy Policy Summary

  • You can delete your content from this service

Score

C

Documents

About the Data

This data is kindly provided by tosdr.org. Read full report at: #9477

Joplin Source Code

Author

laurent22

Description

Joplin - the privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS.

#android#dropbox#electron#enex-files#evernote#javascript#joplin#nextcloud#nodejs#note-taking#notesnook#obsidian#onedrive#react-native#standardnotes#synchronisation#web-clipper#webdav

Homepage

https://joplinapp.org

License

NOASSERTION

Created

16 Jan 17

Last Updated

16 Jun 26

Latest version

v3.7.1

Primary Language

TypeScript

Size

643,699 KB

Stars

55,240

Forks

6,144

Watchers

55,240

Language Usage

Language Usage

Star History

Star History

Top Contributors

Recent Commits

  • Laurent Cozic (16 Jun 26)

    Plugin Generator release v3.7.2

  • Laurent Cozic (16 Jun 26)

    Chore: Update plugin API types

  • Laurent Cozic (16 Jun 26)

    Chore: Revert "unknown" types to "any" in plugin API (#15695)

  • Laurent Cozic (16 Jun 26)

    Plugin Generator release v3.7.1

  • Laurent Cozic (15 Jun 26)

    Chore: Fixed releasePluginGenerator script

  • Laurent Cozic (15 Jun 26)

    Chore: Update plugin API

  • Laurent Cozic (15 Jun 26)

    Revise title of AI embeddings documentation Updated the title of the AI embeddings documentation.

  • renovate[bot] (15 Jun 26)

    chore(deps): update dependency git to v2.52.0 (#15693) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

  • Laurent Cozic (15 Jun 26)

    Chore: Do initial scan of notes when enabling embedding indexer (#15694)

  • Laurent Cozic (15 Jun 26)

    Chore: Clean up embeddings feature and add doc (#15692)

  • Laurent Cozic (15 Jun 26)

    Chore: Fixed translation of "Idle" in French

  • Laurent Cozic (15 Jun 26)

    Desktop: Add embedding indexer status panel and existing-note backfill (#15691)

  • renovate[bot] (15 Jun 26)

    fix(deps): update dependency @react-native-vector-icons/material-icons to v12.4.3 (#15689) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

  • Laurent Cozic (15 Jun 26)

    Chore: Fixed lock file

  • renovate[bot] (15 Jun 26)

    fix(deps): update dependency @react-native-vector-icons/fontawesome5 to v12.3.3 (#15687) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

  • renovate[bot] (15 Jun 26)

    fix(deps): update dependency @react-native-vector-icons/material-design-icons to v12.4.3 (#15688) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

  • Laurent Cozic (15 Jun 26)

    Plugins: Add semantic search plugin API (joplin.ai.search) (#15686)

  • krevad (15 Jun 26)

    All: Translation: Update sv.po (#15685)

  • renovate[bot] (14 Jun 26)

    chore(deps): update dependency @types/adm-zip to v0.5.8 (#15684) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

  • Laurent Cozic (14 Jun 26)

    Desktop: Add local embedding provider for note indexing (#15683)

  • Laurent Cozic (14 Jun 26)

    Desktop: Add embedding model downloader (#15679)

  • renovate[bot] (14 Jun 26)

    fix(deps): update dependency nanoid to v5.1.7 (#15677) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

  • renovate[bot] (13 Jun 26)

    fix(deps): update dependency dotenv to v17.3.1 (#15676) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

  • Laurent Cozic (13 Jun 26)

    Desktop: Embeddings indexer: Also index note titles

  • Laurent Cozic (13 Jun 26)

    Desktop: Add note embeddings indexer (#15674)

  • Laurent Cozic (12 Jun 26)

    Doc: Update how we credit security vulnerability disclosure Due to most if not all security vulnerabilities now being discovered by LLM we no longer credit reports. Most of the work is in verifying the finding, implementing a solution and releasing a new version, and this is works that we do.

  • Joplin Bot (12 Jun 26)

    Doc: Auto-update documentation Auto-updated using release-website.sh

  • Laurent Cozic (12 Jun 26)

    Desktop: Add note embeddings storage layer (#15671)

  • mrjo118 (12 Jun 26)

    Mobile: Fixes #15483: Disable external embeds on mobile and hide the setting (#15602)

  • Aissa Benfodda (12 Jun 26)

    Desktop: Resolves #14211: Error importing from format: one (#15615)

Joplin Security

4.6/10

Repo Security Summary

Updated 25 May 26

  • Maintained 10/10
  • Code-Review 4/10
  • Dangerous-Workflow 10/10
  • Packaging N/A
  • Security-Policy 10/10
  • CII-Best-Practices 0/10
  • Token-Permissions 0/10
  • License 9/10
  • Binary-Artifacts 7/10
  • Branch-Protection N/A
  • Signed-Releases 0/10
  • SAST 0/10
  • Pinned-Dependencies 0/10
  • Fuzzing 0/10

Security Advisories (15)

  • medium Patched CVSS 5.7

    CVE-2026-34600 Logic error in Joplin Server allows share recipients to read notes they no longer have access to

  • high Patched CVSS 8.2

    CVE-2026-22810 Path traversal in OneNote importer allows overwriting arbitrary files

  • medium Patched CVSS 5.5

    CVE-2025-57798 Denial of Service (DoS) via Uncontrolled Resource Allocation in Joplin Title Input

  • high Patched CVSS 7.5

    CVE-2025-27409 Path traversal in Joplin Server

  • high Patched CVSS 8.8

    CVE-2025-27134 Privilege escalation in Joplin server via user patch endpoint

  • high Unpatched CVSS 7.8

    CVE-2025-24028 XSS in Rich Text Editor allows arbitrary code execution

  • low Patched CVSS 3.3

    CVE-2024-55630 DOM Clobbering leads to temporary DOS in the note viewer

  • high Patched CVSS 7.2

    CVE-2024-53268 Lack of validation on openExternal allows XSS

  • high Patched CVSS 7.8

    CVE-2025-25187 XSS in Goto Anything allows arbitrary code execution

  • high Unpatched CVSS 7.7

    CVE-2024-49362 XSS on <a> Link in markdown preview

  • high Unpatched CVSS 8.6

    CVE-2024-40643 Parsing error leading to XSS

  • high Patched CVSS 8.1

    CVE-2023-45673 Arbitrary code execution on click of PDF links

  • high Patched CVSS 7.3

    CVE-2023-39517 XSS when clicking on an untrusted `<map>` link

  • high Patched CVSS 7.3

    CVE-2023-38506 XSS when pasting HTML into the rich text editor

  • high Patched CVSS 7.3

    CVE-2023-37898 Safe mode XSS vulnerability

Joplin Website

Website

Joplin

Joplin, the open source note-taking application

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

  • IP Address 185.199.111.153
  • Hostname cdn-185-199-111-153.github.com
  • Location California, Pennsylvania, United States of America, NA
  • ISP GitHub Inc.
  • ASN AS54113

Associated Countries

  • FR FR
  • US US

Safety Score

Website marked as safe

100%

Blacklist Check

joplinapp.org was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

Website Preview

Website preview
View full report at web-check.xyz

Joplin Android App

APK Info

De-Googled Compatibility

Native 4.00 / 4 9 ratings
microG 4.00 / 4 5 ratings
  • GrapheneOS Native 4.0 / 4 (6)
  • LineageOS Native 4.0 / 4 (2)
  • CalyxOS microG 4.0 / 4 (2)

Tested on Android 14–16 · Updated 22 Nov 25 · View on Plexus →

Trackers

No trackers found

Permissions

  • Access Fine Location
  • Access Network State
  • Access Wifi State
  • Internet
  • Post Notifications
  • Read External Storage
  • Read Media Images
  • Receive Boot Completed
  • Record Audio
  • Use Biometric
  • Use Fingerprint
  • Vibrate
  • Wake Lock
  • Write External Storage
  • Access Fingerprint Manager
  • Write Use App Feature Survey

Joplin iOS App

App Info

Joplin

Privacy-first app Capture your thoughts freely and without distractions, tracking, or ads. With Joplin’s end-to-end encryption and open-source code, you can concentrate on your ideas and tasks without worrying about your privacy. Capture multimedia notes Capture multimedia notes effortlessly. In Joplin you can : • create manuscript notes, • transcribe speech to note, • add multimedia: photos, videos, PDFs, and images, • insert documents as attachments, • create math expressions, add tables, write code and insert diagrams, • create to-dos and add reminders. Organise your ideas Organise your notes into notebooks. Connect your notes with tags by subject or priority. Use colours and rich text editor to format your notes with ease. Make task lists, create to-dos and add reminders. Effortlessly find your notes, even within PDFs and images, thanks to the powerful search feature enhanced by Optical Character Recognition (OCR) technology. Use Joplin to store your bills, lecture notes, photos or receipts. Reliable synchronisation Access your notes from computer, phone or tablet by synchronising with various services including Joplin Cloud, Dropbox and OneDrive. Seamlessly move from one device to another. Offline-first You can access your notes anytime and anywhere, even without Internet. If you’re using Joplin on multiple devices, they will synchronise and update once you regained the connection. Enhance your productivity across devices Extend your note-taking experience by using Joplin on additional devices such as a desktop computer or tablet. Make the most of each device by using its specific features. On the desktop app, use a web clipper extension, wide-range of community plugins and a Markdown editor. Experience flawless handwriting and drawing on your tablet. Join active community Connect with Joplin’s vibrant community on Joplin Forum. It’s a place where users can share ideas, ask questions, exchange information and give feedback. Joplin’s dynamic community also develops powerful plugins, so you can customise your app to suit your needs.

Rating

Rated 4.15 out of 5 stars by 463 users

Version Info

  • Current Version 13.6.9
  • Last Updated 22 May 26
  • First Released 21 Nov 17
  • Minimum iOS Version 15.6
  • Device Models Supported 127

App Details

  • IPA Size 71.02 Mb
  • Price Free (USD)
  • Age Advisory 4+
  • Supported Languages 1
  • Developer Laurent Cozic
  • Bundle ID net.cozic.joplin

Screenshots

  • App screenshot

Joplin Reviews

More Digital Notes

  •
    Cryptee

    Cryptee

     crypt.ee

    Private & encrypted rich-text documents. Cryptee has encryption and anonymity at its core, it also has a beautiful and minimalistic UI. You can use Cryptee from the browser, or download native apps. Comes with many additional features, such as support for photo albums and file storage. The disadvantage is that only the frontend is open source. Pricing is free for starter plan, $3/ month for 10GB, additional plans go up-to 2TB.

    No Security Audit Not Open Source cryptee/web-client
    View Cryptee Report
  • Logseq

    Logseq

     logseq.com

    Privacy-first, open-source knowledge base that works on top of local plain-text Markdown and Org-mode files. Supports lots of different note modes, including task management, PDF annotation, flashcards, whiteboards strong markdown support and more. Includes themes and extensions, backed by a strong community

    No Security Audit Open Source logseq/logseq
    View Logseq Report
  • Notable

    Notable

     notable.md

    An offline markdown-based note editor for desktop, with a simple, yet feature-rich UI. All notes are saved individually as .md files, making them easy to manage. No mobile app, built-in cloud-sync, encryption or web UI. But due to the structure of the files, it is easy to use your own cloud sync provider, and additional features are provided through extensions.

    No Security Audit Open Source notable/notable
    View Notable Report
  • Obsidian

    Obsidian

     obsidian.md

    A powerful knowledge base that works on top of local plain-text Markdown files. It has a strong community, and a lot of plugins and themes. Generally privacy-respecting, but no encryption out of the box, and some of the code is obfuscated or not fully open source

    Security Audited Not Open Source obsidianmd/obsidian-releases
    View Obsidian Report
  • Standard Notes

    Standard Notes

     standardnotes.com

    S.Notes is a free, open-source, and completely encrypted private notes app. It has a simple UI, yet packs in a lot of features, thanks to the Extensions Store, allowing for: To-Do lists, Spreadsheets, Rich Text, Markdown, Math Editor, Code Editor and many more. You can choose between a number of themes (yay, dark mode!), and it features built-in secure file store, tags/ folders, fast search and more. Standard Notes is actively developed, and fully open-source.

    Security Audited Open Source standardnotes/app
    View Standard Notes Report
  • Turtle

    Turtle

     turtlapp.com

    A secure, collaborative notebook. Self-host it yourself, or use their hosted plan (free edition or $3/ month for premium).

    Security Audited Open Source turtl/desktop
    View Turtle Report
  • VNote

    VNote

     app.vnote.fun/en_us

    A free, open-source note-taking application built with Qt, focused on providing a pleasant Markdown editing experience. It manages notes directly as plain text files on your local system.

    Open Source vnotex/vnote
    View VNote Report
View More...

About the Data: Joplin

Change History

  • Amended (androidApp, iosApp, subreddit)

API

You can access Joplin's data programmatically via our API. Simply make a GET request to: 

https://api.awesome-privacy.xyz/v1/services/joplin

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share Joplin

Help your friends compare Digital Notes, and pick privacy-respecting software and services.
Share Joplin and Awesome Privacy with your network!

← Previous

Notable
View Digital Notes (8)
Next →

Logseq