net.aequologica.neo:geppaequo-tags (>=0.5.3 <=0.6.0), net.aequologica.neo:geppaequo-web (>=0.5.3 <=0.6.0) +4 more potentially affected by CVE-2025-2336 via org.webjars.npm:angular-sanitize (>=1.5.0-beta.0 <=1.8.3)
org.webjars.npm:angular-sanitize MAVEN version =1.5.0-beta.0, =0.5.3, =0.5.3, =0.6.0 - org.webjars.npm:angular-auto-complete =1.7.4 - org.webjars.npm:angular-material-calendar =0.2.14 - org.webjars.npm:angular-schema-form =0.8.13 - org.webjars.npm:github-com-showdownjs-ng-showdown =1.1.0 Source...
20mk-utils (>=1.0.0 <=1.0.3), 2d-spirograph (>=1.0.2 <=1.0.4) +2111 more potentially affected by CVE-2024-1899 via showdown (>=0.0.1 <=2.1.0)
showdown NPM version =0.0.1, =1.0.0, =1.0.2, =2.0.4, =1.0.6, =0.1.4, =0.1.4, =0.1.4, =13.351.0, =13.351.0, =7.10.0, =7.10.0, =0.0.3, =0.4.15 - @adalink/spark-chat =1.0.0 and more Source cves: CVE-2024-1899 Source advisory: OSV:GHSA-RMMH-P597-PPVV...
Showdown Security Vulnerability
Showdown (ShowdownJS) is an open source JavaScript Markdown-to-HTML converter. A security vulnerability exists in Showdown version 2.1.0 and earlier versions. A remote attacker could exploit this vulnerability to cause a system denial of service...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the anchors subparser in anchors.js (AKA links.js). PoC time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details Denial...
com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0), org.webjars.npm:github-com-showdownjs-ng-showdown (=1.1.0) +3 more potentially affected by CVE-2024-1899 via org.webjars.npm:showdown (>=1.9.1 <=2.1.0)
org.webjars.npm:showdown MAVEN version =1.9.1, =2.0.0, =1.0.2, =1.0.3 - org.webjars.npm:showdown-prism =0.2.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-8685132...
org.webjars.bower:ng-swagger-ui (=0.0.4) potentially affected by CVE-2024-1899 via org.webjars.bower:showdown (=1.7.6)
org.webjars.bower:showdown MAVEN version =1.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.bower:showdown and may be impacted: - org.webjars.bower:ng-swagger-ui =0.0.4 Source cves: CVE-2024-1899 Source advisory:...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the anchors subparser in anchors.js (AKA links.js). PoC time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details...
org.webjars:angular-markdown-directive (=0.3.0) potentially affected by CVE-2024-1899 via org.webjars:showdown (=0.3.1)
org.webjars:showdown MAVEN version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:showdown and may be impacted: - org.webjars:angular-markdown-directive =0.3.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARS-8685134...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.bower:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the anchors subparser in anchors.js (AKA links.js). PoC time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.bowergithub.showdownjs:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the anchors subparser in anchors.js (AKA links.js). PoC time node -e '/?:^|^\ ??:\n...
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Description Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did n...
GHSA-C33W-PM52-MQVF @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Description Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did n...
CVE-2022-39350
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...
Format string
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...
PT-2022-24919 · Unknown +1 · @Dependencytrack/Frontend +1
Name of the Vulnerable Software and Affected Versions: @dependencytrack/frontend versions prior to 4.6.1 Description: The Dependency-Track frontend is a Single Page Application (SPA) that renders vulnerability details using the JavaScript library Showdown. Since Showdown does not have any XSS...
CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...
Dependency-Track Security Vulnerability
Dependency-Track is an intelligent supply chain component analysis platform for identifying third-party component risks. A security vulnerability exists in versions of Dependency-Track prior to 4.6.1 that stems from not encoding or sanitizing the output of Showdown, which allows arbitrary JavaScri...
CVE-2022-39350
CVE-2022-39350 affects @dependencytrack/frontend (Dependency-Track frontend). The issue arises because vulnerability details rendered with Showdown were not encoded/sanitized before version 4.6.1, allowing arbitrary JavaScript in vulnerability fields (Description, Details, Recommendation, Referen...