
27 matches found

EUVD
added 2026/06/05 5:49 p.m. | 9 views

EUVD-2026-34870

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...

CVSS 8.8 | AI score 5.8 | EPSS 0.00343
Exploits: 0 | References: 3

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux – Vulnerability in node-marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch might cause catastrophic backtracking for certain strings, leading to a denial of service (DoS) attack. Any user who runs untrusted markdown using a vulnerable version of Marked, without...

CVSS 7.5 | AI score 6.5 | EPSS 0.02743
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in node-marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def might cause catastrophic backtracking against certain strings, leading to a regular expression denial of service (ReDoS) attack. Any user who runs untrusted markdown using a vulnerable version of...

CVSS 7.5 | AI score 6.6 | EPSS 0.02828
Exploits: 1 | References: 2

Tenable Nessus
added 2026/05/13 12:0 a.m. | 3 views

CentOS 9 : python-markdown-3.3.4-5.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python-markdown-3.3.4-5.el9 build changelog. - Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an...

CVSS 7.5 | AI score 7.3 | EPSS 0.00465
Exploits: 1 | References: 2

Tenable Nessus
added 2026/03/30 12:0 a.m. | 5 views

Amazon Linux 2023 : python3-markdown (ALAS2023-2026-1492)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1492 advisory. Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-...

CVSS 7.5 | AI score 6 | EPSS 0.00465
Exploits: 1 | References: 4

OSV
added 2026/03/06 5:4 p.m. | 0 views

SUSE-SU-2026:0846-1 Security update for python-Markdown

This update for python-Markdown fixes the following issue: - CVE-2025-69534: incomplete markup declaration in raw HTML can crash applications that process untrusted Markdown bsc1259256...

CVSS 7.5 | AI score 5.8 | EPSS 0.00465
Exploits: 1 | References: 3

SUSE CVE
added 2026/03/06 12:28 a.m. | 4 views

SUSE CVE-2025-69534

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

CVSS 7.5 | AI score 5.8 | EPSS 0.00465
Exploits: 1 | References: 6

CVE
added 2026/03/05 12:0 a.m. | 35 views

CVE-2025-69534

The CVE-2025-69534 affects Python-Markdown 3.8, where malformed HTML-like sequences trigger an unhandled AssertionError in html.parser.HTMLParser during Markdown parsing. This can produce a remote, unauthenticated Denial of Service for applications rendering untrusted Markdown, with potential inf...

CVSS 7.5 | AI score 6 | EPSS 0.00465
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0101

Malware in sbrugna...

CVSS 9.3 | AI score 9.1 | EPSS 0.0198
Exploits: 1 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-1222

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.01245
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-0473

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.02743
Exploits: 1 | References: 8

Tenable Nessus
added 2025/03/05 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2022-21681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some...

CVSS 7.5 | AI score 6.5 | EPSS 0.02743
Exploits: 1 | References: 4

RedhatCVE
added 2025/02/05 2:48 p.m. | 8 views

CVE-2020-15271

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...

CVSS 9.3 | AI score 6.7 | EPSS 0.0198
Exploits: 1

OSV
added 2024/11/14 5:37 p.m. | 2 views

CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...

CVSS 7.7 | AI score 8.3 | EPSS 0.01037
Exploits: 1 | References: 3

Github Security Blog
added 2022/01/14 9:4 p.m. | 31 views

Inefficient Regular Expression Complexity in marked

Impact What kind of vulnerability is it? Denial of service. The regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings. PoC is the following. javascript import as marked from 'marked'; console.logmarked.parsex: x \\; Who is impacted? Anyone who runs...

CVSS 7.5 | AI score 1.1 | EPSS 0.02743
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2022/01/14 9:4 p.m. | 0 views

GHSA-RRRM-QJM4-V8HF Inefficient Regular Expression Complexity in marked

Impact What kind of vulnerability is it? Denial of service. The regular expression block.def may cause catastrophic backtracking against some strings. PoC is the following. javascript import as marked from "marked"; marked.parsex:$' '.repeat1500x $' '.repeat1500 x; Who is impacted? Anyone who run...

CVSS 7.5 | AI score 6.8 | EPSS 0.02828
Exploits: 1 | References: 6

OSV
added 2022/01/14 5:15 p.m. | 3 views

DEBIAN-CVE-2022-21680

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...

CVSS 7.5 | AI score 6.5 | EPSS 0.02828
Exploits: 1 | References: 1

NVD
added 2022/01/14 5:15 p.m. | 23 views

CVE-2022-21681

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

CVSS 7.5 | EPSS 0.02743
Exploits: 1 | References: 3

OSV
added 2022/01/14 5:15 p.m. | 1 views

DEBIAN-CVE-2022-21681

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

CVSS 7.5 | AI score 6.8 | EPSS 0.02743
Exploits: 1 | References: 1

Cvelist
added 2022/01/14 12:0 a.m. | 22 views

CVE-2022-21681 Exponential catastrophic backtracking (ReDoS) in marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

CVSS 7.5 | AI score 7.4 | EPSS 0.02743
Exploits: 1 | References: 3