Jgm
Products
4- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25821 | Hig | 0.49 | 7.5 | 0.01 | Sep 23, 2020 | peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||
| CVE-2018-20453 | Med | 0.42 | 6.5 | 0.01 | Dec 25, 2018 | The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. | ||
| CVE-2023-35936 | Med | 0.40 | 6.1 | 0.00 | Jul 5, 2023 | Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing… | ||
| CVE-2025-51591 | Low | 0.17 | 3.7 | 0.01 | Jul 11, 2025 | A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable… | ||
| CVE-2021-38711 | Hig | 0.00 | 7.5 | 0.01 | Aug 16, 2021 | In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. |
- risk 0.49cvss 7.5epss 0.01
peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- risk 0.42cvss 6.5epss 0.01
The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.
- risk 0.40cvss 6.1epss 0.00
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing…
- risk 0.17cvss 3.7epss 0.01
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable…
- risk 0.00cvss 7.5epss 0.01
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.