Markdown-it Security Vulnerabilities

CVE-2023-26303

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-02-23 12:15 AM

CVE-2023-26302

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-02-22 11:15 PM

CVE-2015-10005

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2022-12-27 09:15 AM

CVE-2020-28455

This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not...

7.3 CVSS

6.2 AI Score

0.001 EPSS

2022-07-25 02:15 PM

CVE-2020-28459

This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the...

7.3 CVSS

6.3 AI Score

0.001 EPSS

2022-07-25 02:15 PM

CVE-2022-21670

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from...

5.3 CVSS

5 AI Score

0.001 EPSS

2022-01-10 09:15 PM

CVE-2020-7773

This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2020-11-16 12:15 PM

CVE-2015-3295

markdown-it before 4.1.0 does not block data:...

5.3 CVSS

5.5 AI Score

0.002 EPSS

2017-06-07 09:29 PM