Markdown-it_project Markdown-it
6 CVEs affecting Markdown-it_project Markdown-it. Latest disclosed: 2026-06-17. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-7969 | Medium | 6.1 | 2025-08-21 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). Thi… |
| CVE-2026-48988 | Medium | 5.3 | 2026-06-17 | markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic (O(n^… |
| CVE-2026-2327 | Medium | 5.3 | 2026-02-12 | Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\… |
| CVE-2022-21670 | Medium | 5.3 | 2022-01-10 | markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser signific… |
| CVE-2015-3295 | Medium | 5.3 | 2017-06-07 | markdown-it before 4.1.0 does not block data: URLs. |
| CVE-2015-10005 | Low | 3.5 | 2022-12-27 | A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. T… |