Saved February 14, 2026
Do you care about this?
This article summarizes a security audit of Outline, an open-source wiki, in which manual testing was run alongside AI security platforms. The audit identified seven unique vulnerabilities, some originating in third-party libraries and others specific to the Outline codebase. Key issues included a server-side request forgery and a content-type handling flaw that enabled cross-site scripting.
If you do, here's more
In July 2025, Doyensec audited Outline, an open-source wiki comparable to Notion, using manual testing alongside three AI security platforms. Two researchers spent 60 person-days on the project, scoped solely to the open-source release, version 0.85.1. The audit assessed the application's security posture with a focus on its APIs, and concluded that the project met or exceeded industry best practices. The stated scope excluded the full codebase and external dependencies; even so, several of the findings stemmed from third-party libraries.
The audit uncovered seven unique vulnerabilities. One was a medium-severity Server-Side Request Forgery (SSRF) issue (OUT-Q325-01) that affects only self-hosted deployments, because the cloud version has protective measures in place that the self-hosted version lacks. Another notable finding was a bug in the vite-plugin-static-copy npm module (OUT-Q325-02), which is reachable only in development mode. The audit also identified a cross-site scripting flaw (OUT-Q325-06) caused by incorrect handling of the Content-Type of a response; in practice it was mitigated, by coincidence rather than by design, by an existing Content Security Policy directive.
The researchers also showed that some of the findings chain into privilege escalation: by combining OUT-Q325-03 and OUT-Q325-06 with Outline's sharing features, an attacker could potentially take over an admin account. The findings underline the value of continuous security assessments, especially as codebases evolve and new integrations are added.