CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.bowergithub.showdownjs:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the anchors subparser in anchors.js AKA links.js. PoC time node -e '/?:^|^\ ??:\n...