181 matches found

Github Security Blog
added 2026/04/06 5:53 p.m., 4 views

rdiscount has an Out-of-bounds Read

Summary: A signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. Details: In both...

5.9 CVSS, 6 AI score, 0.00275 EPSS
Exploits 1, References 6, Affected Software 1

OSV
added 2026/04/06 5:53 p.m., 1 view

GHSA-6R34-94WQ-JHRC rdiscount has an Out-of-bounds Read

Summary: A signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. Details: In both...

5.9 CVSS, 6 AI score, 0.00275 EPSS
Exploits 1, References 6

UbuntuCve
added 2026/03/24 8:16 p.m., 2 views

CVE-2026-33347

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...

6.3 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits 0, References 5

Debian CVE
added 2026/03/24 7:26 p.m., 7 views

CVE-2026-33347

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...

6.3 CVSS, 5.3 AI score, 0.00241 EPSS
Exploits 0

Snyk
added 2026/03/07 6:44 p.m., 3 views

Cross-site Scripting (XSS)

Overview: league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the DisallowedRawHtml extension when a newline, tab, or...

6.1 CVSS, 5.7 AI score, 0.00217 EPSS
Exploits 0, References 2

OSV
added 2026/03/07 4:15 p.m., 3 views

DEBIAN-CVE-2026-30838

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...

6.1 CVSS, 5 AI score, 0.00217 EPSS
Exploits 0, References 1

UbuntuCve
added 2026/03/07 4:15 p.m., 4 views

CVE-2026-30838

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...

6.1 CVSS, 5.7 AI score, 0.00217 EPSS
Exploits 0, References 3

OSV
added 2026/03/07 4:15 p.m., 4 views

UBUNTU-CVE-2026-30838

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...

6.1 CVSS, 5.7 AI score, 0.00217 EPSS
Exploits 0, References 4

ATTACKERKB
added 2026/03/07 4:0 p.m., 2 views

CVE-2026-30838

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...

5.1 CVSS, 5.7 AI score, 0.00217 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2026/03/07 12:0 a.m., 4 views

commonmark cross-site scripting vulnerability

Commonmark is a highly scalable PHP Markdown parser developed by The League of Extraordinary Packages. It fully supports the CommonMark and GFM specifications. Versions of Commonmark prior to 2.8.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the DisallowedRawHtml...

6.1 CVSS, 5.6 AI score, 0.00217 EPSS
Exploits 0, References 2

CNNVD
added 2026/02/12 12:0 a.m., 3 views

Markdown-It security vulnerability

Markdown-It is an open-source Markdown parser. Versions of Markdown-It prior to 14.1.1 contained a security vulnerability. This vulnerability stemmed from the use of regular expressions in the linkify function, which could lead to a denial-of-service attack due to the regular expressions...

7.5 CVSS, 7.1 AI score, 0.00503 EPSS
Exploits 0, References 4

Cvelist
added 2025/12/09 2:14 a.m., 29 views

CVE-2025-42873 Denial of Service (DoS) in SAPUI5 framework (Markdown-it component)

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

5.9 CVSS, 0.0032 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 14 views

TencentOS Server 4: python-cmarkgfm (TSSA-2025:0086)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0086 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 7.2 AI score, 0.00591 EPSS
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-0762

Malware in sbrugna...

6.1 CVSS, 6.2 AI score, 0.00977 EPSS
Exploits 1, References 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-3207

Malware in sbrugna...

5.4 CVSS, 5.5 AI score, 0.01189 EPSS
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-2051

Malware in sbrugna...

6.1 CVSS, 6.2 AI score, 0.00799 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-0488

Malicious code in bioql PyPI...

5.3 CVSS, 5.8 AI score, 0.02152 EPSS
Exploits 1, References 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-0691

Malicious code in bioql PyPI...

7.5 CVSS, 6.5 AI score, 0.02828 EPSS
Exploits 1, References 8

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-0473

Malicious code in bioql PyPI...

7.5 CVSS, 6.5 AI score, 0.02743 EPSS
Exploits 1, References 8

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-0886

Malicious code in bioql PyPI...

9.8 CVSS, 8.9 AI score, 0.01268 EPSS
Exploits 0, References 11