26 matches found
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
PT-2025-38507
Name of the Vulnerable Software and Affected Versions @digitalocean/do-markdownit versions through 1.16.1 Description The callout and fence environment plugins in the @digitalocean/do-markdownit package perform .includes substring matching if allowedClasses or allowedEnvironments is a string...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
CVE-2025-59717
The CVE concerns the @digitalocean/do-markdownit package (through v1.16.1). The callout and fence_environment plugins treat allowedClasses/allowedEnvironments as strings by using a substring check, instead of requiring an array. This leads to a type confusion-like behavior and potential bypass of...
OESA-2025-1044 apache-mina security update
Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The...