VYPR

Markdown It

by Markdown It Project

Source repositories

CVEs (5)

  • CVE-2015-3295MedJun 7, 2017
    risk 0.28cvss 5.3epss 0.01

    markdown-it before 4.1.0 does not block data: URLs.

  • CVE-2015-10005LowDec 27, 2022
    risk 0.16cvss 3.5epss 0.01

    A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this…

  • CVE-2026-48988Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary A quadratic time complexity vulnerability exists in markdown-it's smartquotes rule (enabled via the `typographer: true` option). An attacker can craft a markdown input consisting of consecutive quotation marks that causes the parser to consume excessive CPU time,…

  • CVE-2026-2327Feb 12, 2026
    risk 0.00cvss epss 0.01

    Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching…

  • CVE-2025-7969Aug 21, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the…