4 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-0112

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 6.4 · EPSS 0.00381
Exploits 0 · References 4
BDU FSTEC
added 2025/01/28 12:0 a.m. · 3 views

The vulnerability of the `renderToString()` function in the JavaScript library for rendering mathematical expressions in KaTeX allows a hacker to execute arbitrary code.

The vulnerability of the renderToString function in the JavaScript library for rendering mathematical expressions in KaTeX is related to incorrect encoding or escaping of output data when processing the \htmlData parameter. Exploiting this vulnerability may allow a remote attacker to execute...

CVSS 6.5 · AI score 7 · EPSS 0.00381
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2025/01/18 1:20 a.m. · 12 views

CVE-2025-23207

A flaw was found in the KaTeX library. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript or generates invalid HTML.
Mitigation: Users unable to upgrade should turn off the trust option or set ...

CVSS 6.3 · AI score 6.1 · EPSS 0.00381
Exploits 0 · References 5
Positive Technologies
added 2025/01/17 12:0 a.m. · 3 views

PT-2025-1297 · Katex +3

Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.21
Description: The issue is related to the renderToString function in the KaTeX JavaScript library, which is used for rendering mathematical expressions. It is caused by incorrect encoding or escaping of output...

CVSS 6.5 · AI score 6 · EPSS 0.01414
Exploits 0 · References 25