204 matches found
UBUNTU-CVE-2025-7969
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not conside...
CVE-2025-7969
CVE-2025-7969 is an XSS issue in markdown-it (improper neutralization of input during web page generation) affecting the lib/renderer.mjs path, with markdown-it 14.1.0 as the vulnerable version. IBM and related advisories reference this CVE across multiple products, noting remediation requires up...
CVE-2025-7969 Markdown-it 14.1.0 - Cross-site scripting (XSS)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not conside...
CVE-2025-7969 Markdown-it 14.1.0 - Cross-site scripting (XSS)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not conside...
CVE-2025-7969
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not conside...
Markdown-It Security Vulnerability
Markdown-It is an open-source Markdown parser from Markdown it!. A security vulnerability exists in Markdown-It version 14.1.0 that stems from improper input neutralization and could lead to cross-site scripting...
PT-2025-34250 · Unknown +1 · Markdown-It +1
Name of the Vulnerable Software and Affected Versions: markdown-it version 14.1.0. Description: A flaw exists in markdown-it due to improper neutralization of input during web page generation, which allows for Cross-Site Scripting (XSS). The issue is associated with the lib/renderer.mjs program file...
Linux Distros Unpatched Vulnerability : CVE-2023-26303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input...
Malicious code in markdown-it-embed (npm)
The package markdown-it-embed was found to contain malicious code...
Malicious code in vscode.markdown-it-renderer (npm)
The package vscode.markdown-it-renderer was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2822922f8dca5f68d170c921999dd1e45b4dd8b470e088d9aadbe5806cc2069b This package installs a dependency hosted on a custom domain...
MAL-2025-38656 Malicious code in vscode.markdown-it-renderer (npm)
The package vscode.markdown-it-renderer was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2822922f8dca5f68d170c921999dd1e45b4dd8b470e088d9aadbe5806cc2069b This package installs a dependency hosted on a custom domain...
MAL-2025-25938 Malicious code in markdown-it-embed (npm)
The package markdown-it-embed was found to contain malicious code...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a...
CVE-2015-10005
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of t...
Fedora: Security Advisory (FEDORA-2023-f970cbb557)
The remote host is missing an update for the...
OPENSUSE-SU-2024:12772-1 python310-markdown-it-py-2.2.0-1.1 on GA media
These are all security issues fixed in the python310-markdown-it-py-2.2.0-1.1 package on the GA media of openSUSE Tumbleweed...
Malicious code in discourse-markdown-it (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d15650dd9d3ef6040ce65c2e6b3207c96240af179ecbc7061ed5064205df4673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1257 Malicious code in discourse-markdown-it (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d15650dd9d3ef6040ce65c2e6b3207c96240af179ecbc7061ed5064205df4673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Infinite loop
Overview org.webjars.bower:markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Infinite loop in linkify inline rule when using malformed input. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Diff -...
Fedora 39 : python-markdown-it-py (2023-f970cbb557)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f970cbb557 advisory. Automatic update for python-markdown-it-py-2.2.0-1.fc39. Changelog Wed Mar 15 2023 Karolina Surma - 2.2.0-1 - Update to 2.2.0, includes the fix for...