7 matches found
EUVD-2025-30235
Malicious code in bioql PyPI...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview @digitalocean/do-markdownit is a Markdown-It plugin for the DigitalOcean Community. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the callout and fenceenvironment plugins when allowedClasses or allowedEnvironments is...
GHSA-2H8J-8R9P-849F @digitalocean/do-markdownit has Type Confusion vulnerability
Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...