VYPR

Codimd

by Hackmdio

CVEs (5)

  • CVE-2025-46655 · Med · Apr 26, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for…

  • CVE-2025-46654 · Apr 26, 2025
    risk 0.00 · cvss · epss 0.00

    CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

  • CVE-2024-38353 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.01

    CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 has a missing authentication and access control vulnerability that allows an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid…

  • CVE-2024-38354 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.00

    CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks…

  • CVE-2024-22778 · Feb 21, 2024
    risk 0.00 · cvss · epss 0.01

    HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.