Joplin is open source, and it has been reviewed (at least once). That is good. But before you put these very personal data of yours into your notes and have them upload to the server you love, read this care fully and think again.
Bruce Schneier on open source
Why does this matter ? because reviewed, screened and virus-checked or not, every time the open source code is changed, this invalidates the last security review. And no review would anyway detect malware inside the code libraries used to build Joplin.
So don't bet the farm on E2EE. The next time you update your joplin app, the upload may go elsewhere than expected. Joplin is a great tool, but understand the limitations. It is certainly good for 95% of your private notes. The rest belongs somewhere else.