CVE-2022-21670
CVE-2022-21670 affects the markdown-it Markdown parser. The vulnerability arises from handling of special patterns with length over 50,000 characters, which can cause significant slowdown (denial of service) in affected versions. The issue is addressed by upgrading to version 12.3.2; there are n...
CVE-2015-10005
Affected software: markdown-it (up to 2.x). Vulnerability: ReDoS in an unknown function of lib/common/html_re.js causing inefficient regular expression complexity. Root cause / impact: manipulation leads to performance concerns; lack of explicit exploitation details in the provided documents. Evi...
CVE-2015-3295
markdown-it before 4.1.0 does not block data: URLs, enabling potential HTML injection when rendering user-provided content. Affected: markdown-it versions prior to 4.1.0. Root cause: failure to block data: URLs in the rendering process. Impact: authoring or rendering content could lead to uninten...
CVE-2025-7969
CVE-2025-7969 is an XSS issue in markdown-it (improper neutralization of input during web page generation) affecting the lib/renderer.mjs path, with markdown-it 14.1.0 as the vulnerable version. IBM and related advisories reference this CVE across multiple products, noting remediation requires up...
CVE-2026-2327
The CVE affects the JavaScript library markdown-it in versions 13.0.0 and earlier than 14.1.1. The vulnerability arises in the linkify function due to a faulty regex /il+$/ that enables a ReDoS under crafted input (long sequences of * followed by a non-matching character). This backtracking can ...