181 matches found
EUVD-2023-0947
Malicious code in bioql PyPI...
EUVD-2022-1336
Malicious code in bioql PyPI...
EUVD-2024-35885
Malicious code in bioql PyPI...
EUVD-2025-23255
Malicious code in bioql PyPI...
EUVD-2021-28275
Malicious code in bioql PyPI...
EUVD-2024-39118
Malicious code in bioql PyPI...
Regular Expression Denial of Service (ReDoS)
Overview: cattown is a lightweight, pure JavaScript markdown parser with built-in HTML sanitization using DOMPurify. It converts markdown to clean, safe HTML with customizable styling. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via inefficient...
CVE-2025-58451
Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the excessive CPU usage could lead to resource...
PT-2025-36518
Name of the Vulnerable Software and Affected Versions: Cattown versions prior to 1.0.2 Description: Cattown is a JavaScript markdown parser susceptible to denial of service. The parser utilizes regular expressions with inefficient complexity, potentially leading to exponential worst-case...
Cattown Security Vulnerability
Cattown is a markdown file parser by the individual developer IEatUranium238. A security vulnerability exists in Cattown versions prior to 1.0.2 that stems from a denial of service attack with regular expressions...
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability via Header Link Rendering
A carefully crafted request when creating a header link using the wiki markup syntax could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
GHSA-RRFF-CHJ9-W4C7 Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability via Header Link Rendering
A carefully crafted request when creating a header link using the wiki markup syntax could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24853
A carefully crafted request when creating a header link using the wiki markup syntax could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24853 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing
A carefully crafted request when creating a header link using the wiki markup syntax could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
Regular Expression Denial of Service (ReDoS)
Overview: markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching...
CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
CVE-2020-15820
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence...
CVE-2019-16215
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages...
CVE-2025-46734
league/commonmark is a PHP Markdown parser. A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
Cross-site Scripting (XSS)
Overview: league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the AttributesExtension. If the Attributes extension is in...