CVE-2026-48988
- EPSS 0.31%
- Veröffentlicht 17.06.2026 20:54:06
- Zuletzt bearbeitet 24.06.2026 19:06:21
markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic (O(n^2)) processing in the smartquotes rule. The issue stems from repeatedly modifying strings w...
CVE-2026-2327
- EPSS 0.5%
- Veröffentlicht 12.02.2026 05:00:07
- Zuletzt bearbeitet 23.02.2026 14:08:11
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters follow...
CVE-2025-7969
- EPSS 0.23%
- Veröffentlicht 21.08.2025 16:40:05
- Zuletzt bearbeitet 22.12.2025 19:28:13
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects mark...
CVE-2015-10005
- EPSS 0.95%
- Veröffentlicht 27.12.2022 09:15:09
- Zuletzt bearbeitet 21.11.2024 02:24:09
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3....
CVE-2022-21670
- EPSS 2.15%
- Veröffentlicht 10.01.2022 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:45:11
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workar...
CVE-2015-3295
- EPSS 1.29%
- Veröffentlicht 07.06.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
markdown-it before 4.1.0 does not block data: URLs.