Markdown-it Project • Markdown-it

6 matches found

CVE • added 2022/01/10 8:40 p.m. • 88 views

CVE-2022-21670

CVE-2022-21670 affects the markdown-it Markdown parser. The vulnerability arises from handling of special patterns with length over 50,000 characters, which can cause significant slowdown (denial of service) in affected versions. The issue is addressed by upgrading to version 12.3.2; there are n...

5.3 CVSS • 5.5 AI score • 0.02152 EPSS

CVE • added 2022/12/27 8:5 a.m. • 56 views

CVE-2015-10005

Affected software: markdown-it (up to 2.x). Vulnerability: ReDoS in an unknown function of lib/common/html_re.js causing inefficient regular expression complexity. Root cause / impact: manipulation leads to performance concerns; lack of explicit exploitation details in the provided documents. Evi...

7.5 CVSS • 5.6 AI score • 0.00946 EPSS

CVE • added 2017/06/07 9:0 p.m. • 54 views

CVE-2015-3295

markdown-it before 4.1.0 does not block data: URLs, enabling potential HTML injection when rendering user-provided content. Affected: markdown-it versions prior to 4.1.0. Root cause: failure to block data: URLs in the rendering process. Impact: authoring or rendering content could lead to uninten...

5.3 CVSS • 5.5 AI score • 0.01287 EPSS

CVE • added 2025/08/21 4:40 p.m. • 34 views

CVE-2025-7969

CVE-2025-7969 is an XSS issue in markdown-it (improper neutralization of input during web page generation) affecting the lib/renderer.mjs path, with markdown-it 14.1.0 as the vulnerable version. IBM and related advisories reference this CVE across multiple products, noting remediation requires up...

6.9 CVSS • 5.4 AI score • 0.00229 EPSS

CVE • added 2026/02/12 5:0 a.m. • 31 views

CVE-2026-2327

The CVE-2026-2327 case concerns the markdown-it package. Affected versions: 13.0.0 through 14.1.0 (and up to 14.1.1 as fixed) are vulnerable to a Regular Expression Denial of Service in the linkify function due to the regex /*$/ used for links; an attacker can provide a long sequence of * follow...

7.5 CVSS • 5.5 AI score • 0.00503 EPSS

CVE • added 2026/06/17 8:54 p.m. • 27 views

CVE-2026-48988

markdown-it is affected by a Denial-of-Service vulnerability (CVE-2026-48988) when typographer: true is enabled. Versions 14.1.1 and earlier process smartquotes with a quadratic time complexity due to repeated uses of replaceAt(), causing high CPU usage on quote-heavy inputs. The issue can degrad...

5.3 CVSS • 5.2 AI score • 0.00306 EPSS