10 matches found

Source: CVE
Added 2026/04/24 2:57 a.m. · 23 views

CVE-2026-41318

AnythingLLM prior to v1.12.1 is vulnerable to stored DOM-based XSS via an unsafe image rendering rule and unsanitized chart captions in the Chartable component. The vulnerability arises because renderMarkdown(...) output is sanitized in all call sites except Chartable, where LLM-generated caption...

CVSS 5.4 · AI score 5.7 · EPSS 0.00195
Exploits: 1 · References: 2 · Affected software: 1
Source: Vulnrichment
Added 2026/04/24 2:57 a.m. · 3 views

CVE-2026-41318 AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

CVSS 5.4 · AI score 5.2 · EPSS 0.00195
Exploits: 1 · References: 2
Source: ATTACKERKB
Added 2026/03/20 8:11 a.m. · 5 views

CVE-2026-33066

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitize(true), allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

CVSS 5.3 · AI score 6 · EPSS 0.00584
Exploits: 1 · References: 3 · Affected software: 1
Source: Snyk
Added 2026/01/21 1:02 a.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...

CVSS 8.8 · AI score 5.8 · EPSS 0.00522
Exploits: 1 · References: 2
Source: Veracode
Added 2026/01/19 9:27 a.m. · 6 views

Cross-site Scripting (XSS)

opencode-ai is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of LLM-generated markdown that allows arbitrary HTML and JavaScript to be injected into the DOM, which allows an attacker to execute malicious scripts in the local web interface origin...

CVSS 9.4 · AI score 5.8 · EPSS 0.00914
Exploits: 1 · References: 3 · Affected software: 1
Source: EUVD
Added 2025/10/03 8:07 p.m. · 5 views

EUVD-2024-52324

Malicious code in bioql PyPI...

CVSS 6.4 · AI score 6.3 · EPSS 0.00557
Exploits: 2 · References: 6
Source: EUVD
Added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-24568

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.6 · EPSS 0.0037
Exploits: 0 · References: 3
Source: RedhatCVE
Added 2025/08/15 12:30 a.m. · 5 views

CVE-2025-51691

Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly sanitize user-supplied Markdown before renderin...

CVSS 6.1 · AI score 6.7 · EPSS 0.0037
Exploits: 0 · References: 1
Source: Positive Technologies
Added 2025/08/13 12:00 a.m. · 3 views

PT-2025-32991 · Marktwo · Marktwo

Name of the Vulnerable Software and Affected Versions: MarkTwo versions prior to commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025). Description: A Cross-Site Scripting (XSS) issue exists in MarkTwo. The application does not properly sanitize user-supplied Markdown before rendering it, allowin...

CVSS 6.1 · AI score 6.3 · EPSS 0.0037
Exploits: 0 · References: 7
Source: CVE
Added 2025/08/13 12:00 a.m. · 15 views

CVE-2025-51691

CVE-2025-51691 affects MarkTwo (Markdown editor). The issue is an XSS vulnerability in the editor interface where user-supplied Markdown is not properly sanitized before rendering, enabling remote code execution in the victim’s browser via crafted input. Impact includes potential session hijackin...

CVSS 6.1 · AI score 6.6 · EPSS 0.0037
Exploits: 0 · References: 3