electron-markdownify is vulnerable to information disclosure. An attacker is able to gain access to confidential information through local arbitrary file reads, because the application does not have a proper CSP policy and/or does not properly validate the contents of markdown files before rendering them.