34 matches found

Tenable Nessus
added 2026/04/22 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-40890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character...

CVSS 7.5 | AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 3

AlpineLinux
added 2026/04/21 7:51 p.m. | 0 views

CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

CVSS 7.5 | AI score 5.3 | EPSS 0.00074
Exploits: 1 | References: 2

Debian CVE
added 2026/04/15 5:0 a.m. | 1 views

CVE-2026-5160

Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities...

CVSS 6.1 | AI score 5.6 | EPSS 0.0005
Exploits: 0

OSV
added 2026/04/06 8:16 p.m. | 1 views

DEBIAN-CVE-2026-35201

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser,...

CVSS 5.9 | AI score 4.8 | EPSS 0.00077
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/06 7:49 p.m. | 0 views

CVE-2026-35201

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser,...

CVSS 5.9 | AI score 6 | EPSS 0.00077
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/06 4:33 p.m. | 1 views

CVE-2026-29082 Kestra: Stored Cross-Site Scripting in Markdown File Preview

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

CVSS 7.3 | AI score 5.8 | EPSS 0.00053
Exploits: 1 | References: 4

Cvelist
added 2026/02/06 9:12 p.m. | 26 views

CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...

CVSS 6.1 | EPSS 0.00021
Exploits: 1 | References: 2

RedhatCVE
added 2026/01/09 10:7 a.m. | 3 views

CVE-2019-20871

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking...

CVSS 7.5 | AI score 6.9 | EPSS 0.00389
Exploits: 0 | References: 1

Snyk
added 2025/08/01 6:30 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in safe_mode due to improper handling of incomplete HTML tags. The _encode_incomplete_tags function fails to properly check for auto links, allowin...

CVSS 6.1 | AI score 5.7
Exploits: 0 | References: 3

OSV
added 2024/10/15 8:15 p.m. | 1 views

DEBIAN-CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

CVSS 5.1 | AI score 5.8 | EPSS 0.03663
Exploits: 1 | References: 1

CNNVD
added 2024/10/15 12:0 a.m. | 3 views

Markdown Security Vulnerability

Markdown is a Go library open-sourced by gomarkdown for parsing Markdown text and rendering it to HTML. A security vulnerability exists in Markdown that stems from a logic problem in the paragraph function of the parser/block.go file...

CVSS 5.1 | AI score 6.1 | EPSS 0.03663
Exploits: 1 | References: 4

Veracode
added 2023/09/26 10:2 a.m. | 20 views

Out Of Bound Read

github.com/gomarkdown/markdown is vulnerable to Out Of Bound Read Vulnerability. The vulnerability occurs in citation.go due to parsing an element beyond its length, leading to an out-of-bounds read. The attacker can exploit this issue by utilizing the parser.Mmark extension which can lead in a...

CVSS 7.5 | AI score 7 | EPSS 0.00483
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2023/09/22 12:0 a.m. | 1 views

Markdown Buffer Error Vulnerability

Markdown is a Go library, open-sourced by gomarkdown, for parsing Markdown text and rendering it as HTML. Versions of gomarkdown/markdown before 0.0.0-20230922105210-14b16010c2ee had a buffer error vulnerability that stemmed from an out-of-bounds read vulnerability when parsing incorrectly formatted...

CVSS 7.5 | AI score 7.1 | EPSS 0.00483
Exploits: 1 | References: 4

OSV
added 2023/05/03 9:15 p.m. | 0 views

UBUNTU-CVE-2023-0155

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user controlled markdown...

CVSS 5.4 | AI score 6.1 | EPSS 0.00342
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 4:27 a.m. | 1 views

SUSE CVE-2018-11468

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html...

CVSS 5.5 | AI score 6.9 | EPSS 0.00515
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 4:26 a.m. | 1 views

SUSE CVE-2018-12495

The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file...

CVSS 5.5 | AI score 6.9 | EPSS 0.00538
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 3:53 a.m. | 1 views

SUSE CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escape_html opti...

CVSS 5.4 | AI score 8 | EPSS 0.01127
Exploits: 0 | References: 5

vulnersOsv
added 2023/02/12 3:30 p.m. | 2 views

@540deg/react-native-simple-markdown (>=1.1.1 <=1.1.2), @anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1) +29 more potentially affected by CVE-2019-25102 via simple-markdown (>=0.0.9 <=0.5.3)

simple-markdown NPM version =0.0.9, =1.1.1, =1.0.3, =1.3.0, =1.0.1, =1.1.1, =1.1.74, =1.0.8, =1.0.4, =2.3.0, =3.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2019-25102 Source advisory: OSV:GHSA-J533-2G8V-PMPG...

CVSS 7.5 | AI score 6.1 | EPSS 0.00239
Exploits: 1

OSV
added 2021/04/29 3:15 p.m. | 0 views

UBUNTU-CVE-2021-30027

md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document...

CVSS 5.5 | AI score 5.8 | EPSS 0.00266
Exploits: 1 | References: 4

Positive Technologies
added 2020/09/23 12:0 a.m. | 1 views

PT-2020-16226 · Peg · Peg-Markdown

Name of the Vulnerable Software and Affected Versions: peg-markdown version 0.4.14. Description: The issue is related to a NULL pointer dereference in the process_raw_blocks function located in markdown_lib.c. This problem only affects products that are no longer supported by the maintainer...

CVSS 7.5 | AI score 6.8 | EPSS 0.00435
Exploits: 1 | References: 4