13 matches found
EUVD-2022-6435
Malicious code in bioql PyPI...
markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
@halo-dev/markdown-renderer (>=1.0.0-alpha.11 <=1.0.0-alpha.50), @jx3box/jx3box-bmap (>=0.0.1 <=0.1.15) +119 more potentially affected by CVE-2020-28455 via markdown-it-toc (=1.1.0)
markdown-it-toc NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on markdown-it-toc and may be impacted: - @halo-dev/markdown-renderer =1.0.0-alpha.11, =0.0.1, =1.8.9, =5.4.2, =1.0.3, =0.0.1, =0.1.5, =0.1.0, =0.0.1, =0.1.1, =1.0.6, =0.0....
GHSA-WFVX-FX73-3RFJ markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
CVE-2020-28455
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
CVE-2020-28455 Cross-site Scripting (XSS)
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
PT-2022-8901 · Unknown · Markdown-It-Toc
Name of the Vulnerable Software and Affected Versions: markdown-it-toc (affected versions not specified). Description: The issue affects the generation of the table of contents (toc) in markdown-it-toc, where the title of the generated toc and the contents of the header are not properly...
Cross-site Scripting (XSS)
Overview: markdown-it-toc adds syntax for an automatically generated table of contents to the markdown-it markdown parser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The title of the generated toc and the contents of the header are not escaped. PoC // XSS from...
@halo-dev/markdown-renderer (>=1.0.0-alpha.11 <=1.0.0-alpha.50), @jx3box/jx3box-bmap (>=0.0.1 <=0.1.15) +119 more potentially affected by CVE-2020-28455 via markdown-it-toc (=1.1.0)
markdown-it-toc NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on markdown-it-toc and may be impacted: - @halo-dev/markdown-renderer =1.0.0-alpha.11, =0.0.1, =1.8.9, =5.4.2, =1.0.3, =0.0.1, =0.1.5, =0.1.0, =0.0.1, =0.1.1, =1.0.6, =0.0....
@aconex/styleguide (>=2.0.1 <=2.2.0), alinex-report (>=1.0.2 <=1.3.14) potentially affected by unknown CVE via markdown-it-toc-and-anchor (>=2.0.0 <=4.1.2)
markdown-it-toc-and-anchor NPM version =2.0.0, =2.0.1, =1.0.2, =1.3.14 Source cves: unknown CVE Source advisory: OSV:GHSA-X6M6-5HRF-FH6R...
Denial of Service in markdown-it-toc-and-anchor
All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter an infinite loop. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
GHSA-X6M6-5HRF-FH6R Denial of Service in markdown-it-toc-and-anchor
All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter an infinite loop. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
Denial of Service
Overview: All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter an infinite loop. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...