CVE-2018-3770
markdown-pdf versions prior to 9.0.0 are vulnerable to path traversal and potential remote code execution due to insufficient sanitization of HTML in Markdown files. Concrete details across multiple connected documents show that injecting malicious HTML can lead to reading local files and, in som...
CVE-2023-0835
CVE-2023-0835 affects markdown-pdf 11.0.0, where an external attacker can remotely read arbitrary local files due to the application’s failure to validate user-supplied Markdown content. The root cause is lack of input validation in the Markdown processing path, enabling sensitive file exposure v...