CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

RedhatCVE•added 2026/04/24 4:17 p.m.•2 views

CVE-2026-40890

A flaw was found in github.com/gomarkdown/markdown, a Go library for parsing Markdown text and rendering as HTML. A remote attacker could exploit this vulnerability by providing a specially crafted malformed input. Specifically, input containing a '' character, when processed by the...

7.5CVSS5AI score0.00074EPSS

Exploits1References5

Microsoft CVE•added 2026/04/23 8:4 a.m.•2 views

github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer

...

7.5CVSS5.2AI score0.00074EPSS

Exploits1

Tenable Nessus•added 2026/04/22 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-40890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character...

7.5CVSS5.8AI score0.00074EPSS

Exploits1References3

OSV•added 2026/04/21 8:17 p.m.•1 views

DEBIAN-CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

7.5CVSS5.3AI score0.00074EPSS

Exploits1References1

NVD•added 2026/04/21 8:17 p.m.•3 views

CVE-2026-40890

7.5CVSS0.00074EPSS

Exploits1References2

UbuntuCve•added 2026/04/21 8:17 p.m.•4 views

CVE-2026-40890

7.5CVSS5.8AI score0.00074EPSS

Exploits1References3

OSV•added 2026/04/21 8:17 p.m.•1 views

UBUNTU-CVE-2026-40890

7.5CVSS5.8AI score0.00074EPSS

Exploits1References4

Cvelist•added 2026/04/21 7:51 p.m.•29 views

CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer

7.5CVSS0.00074EPSS

Exploits1References2

CVE•added 2026/04/21 7:51 p.m.•6 views

CVE-2026-40890

CVE-2026-40890 affects github.com/gomarkdown/markdown. A malformed input containing a '' read by the SmartypantsRenderer can trigger an out-of-bounds read or a panic. The vulnerability is fixed in commit 759bbc3e32073c3bc4e25969c132fc520eda2778. Connected advisories confirm the same description a...

7.5CVSS5.7AI score0.00074EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/21 7:51 p.m.•0 views

CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer

7.5CVSS5.8AI score0.00074EPSS

Exploits1References2

Debian CVE•added 2026/04/21 7:51 p.m.•2 views

CVE-2026-40890

7.5CVSS5.3AI score0.00074EPSS

Exploits1

Snyk•added 2026/04/14 10:38 p.m.•1 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the smartLeftAngle function in smartypants.go file. An attacker can cause a panic or read unintended memory by providing input containing a character in the remaining text. PoC package main import "bytes" "fmt"...

8.7CVSS5.8AI score0.00074EPSS

Exploits1References2

OSV•added 2026/04/14 10:38 p.m.•0 views

GHSA-77FJ-VX54-GVH7 Go Markdown has an Out-of-bounds Read in SmartypantsRenderer

Summary Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. Details The smartLeftAngle function in html/smartypants.go:367-376 performs an out-of-bounds slice operation when processing a characte...

7.5CVSS5.8AI score0.00074EPSS

Exploits1References4

Microsoft CVE•added 2025/09/04 3:31 a.m.•2 views

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

...

5.1CVSS7AI score0.03663EPSS

Exploits1

Tenable Nessus•added 2025/08/18 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2024-44337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f...

5.1CVSS6.3AI score0.03663EPSS

Exploits1References3

OSV•added 2024/12/12 3:16 p.m.•14 views

GO-2024-3205 Infinite loop in github.com/gomarkdown/markdown

Infinite loop in github.com/gomarkdown/markdown...

5.1CVSS5AI score0.03663EPSS

Exploits1References3

SUSE CVE•added 2024/10/17 2:51 a.m.•1 views

SUSE CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

5.1CVSS6.9AI score0.03663EPSS

Exploits1References5

RedhatCVE•added 2024/10/15 9:55 p.m.•13 views

CVE-2024-44337

A flaw was found in the github.com/gomarkdown/markdown Golang library. There is a logical problem with the paragraph function of the parser/block.go file. This flaw allows a remote attacker to trigger a denial of service DoS by providing a specially crafted input, causing an infinite loop...

5.3CVSS6.3AI score0.03663EPSS

Exploits1References5