14 matches found
CVE-2026-36725
A Markdown-based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the noticecontent parameter...
CVE-2026-36728
A Markdown-based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message...
NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) vulnerability discovered by ? in WordPress Npm md-fileserver versions 1.10.3...
CVE-2026-33066
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitize(true), allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...
CVE-2021-28833
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796...
EUVD-2021-1689
Malware in sbrugna...
EUVD-2025-28983
Malicious code in bioql PyPI...
CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...
Linux Distros Unpatched Vulnerability : CVE-2023-6396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitlab reports: XSS and ReDoS in Markdown via Banzai pipeline of Jira Members with admingroupmember custom permission can add members with higher role Release...
Linux Distros Unpatched Vulnerability : CVE-2019-15739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS...
CVE-2021-28833
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796...
CVE-2021-28796
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers...
Design/Logic Flaw
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
Dropbox: Dropbox Paper - Markdown XSS
Hello, today I took a look at Dropbox Paper and noticed there is an option to export/download the project as a Markdown or Word docx document. I noticed it doesn't filter any kind of Markdown escaping, meaning that when parsed after download it will let us execute client-side code, equivalent to arbrita...