15 matches found
CVE-2026-49493
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
CVE-2026-49493
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
EUVD-2026-34870
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...
CVE-2026-50733
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), enabling arbitrary JavaScript execution across render paths (live preview, presentation mode, and HTML export via WaveDrom.ProcessAll()/eva()). Attack vector includes a crafted m...
CVE-2026-49493
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
PT-2026-47025
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...
Astra Linux - уязвимость в node-json5
JSON5 is an extension to the popular JSON file format, designed to make it easier to write and maintain manually, especially for configuration files. The parse method in the JSON5 library, as of versions 1.0.1 and 2.2.1, does not restrict the parsing of keys named proto. This allows specially...
Atlassian Confluence < 8.5.17 / 8.6.x < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 XSS (CONFSERVER-101487)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101487 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse metho...
json5 crate is unmaintained
The json5 crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - serdejson5 - jsonc-parser - json-five...
Malicious code in @zalastax/nolb-json-5 (npm)
The package @zalastax/nolb-json-5 was found to contain malicious code...
json5: Prototype Pollution in JSON5 via Parse Method
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse...
GHSA-9C47-M6QQ-7P4H Prototype Pollution in JSON5 via Parse Method
The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named proto, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the...
CVE-2022-46175
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named proto, allowing specially crafted strings t...
AZL-44886 CVE-2022-46175 affecting package js-jquery 3.5.0-4
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named proto, allowing specially crafted strings t...
UBUNTU-CVE-2022-46175
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named proto, allowing specially crafted strings t...