14 matches found
EUVD-2024-37277
Malicious code in bioql PyPI...
CVE-2024-22778
HackMD CodiMD 2.5.2 is vulnerable to Denial of Service...
CVE-2025-46654
CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file...
CVE-2025-46654
CVE-2025-46654 affects CodiMD up to version 2.2.0, where a CSP-based XSS protection can be bypassed by uploading an HTML file that references an uploaded JavaScript file. Documented impact is cross-site scripting due to this bypass; the vulnerability applies to 2.2.0 and earlier. No exploit detai...
PT-2025-17964 · Codimd +1 · Codimd +1
Name of the Vulnerable Software and Affected Versions: CodiMD versions 2.5.4 and earlier. Description: The issue concerns a bypass of the Content Security Policy (CSP) protection mechanism against Cross-Site Scripting (XSS) attacks through uploaded SVG documents containing JavaScript. This bypass can...
PT-2025-17963 · Codimd · Codimd
Name of the Vulnerable Software and Affected Versions: CodiMD versions 2.2.0 and earlier. Description: The issue concerns a bypass of the Content Security Policy (CSP) protection mechanism against Cross-Site Scripting (XSS) attacks. This can be achieved by uploading a .html file that references an...
CVE-2025-46655
CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...
CodiMD Security Vulnerability
CodiMD is a real-time collaborative note-taking application open-sourced by HackMD. A security vulnerability exists in CodiMD 2.2.0 and earlier versions, which stems from the fact that the CSP-based XSS protection mechanism can be bypassed by uploaded .html files, potentially leading to cross-sit...
CVE-2024-38354
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This...
HackMD CodiMD Security Vulnerabilities
CodiMD is a real-time collaborative note-taking application open-sourced by HackMD. A security vulnerability exists in HackMD CodiMD versions prior to 2.5.2 that stems from susceptibility to denial-of-service attacks...