Markdown-it_project Markdown-it

6 CVEs affecting Markdown-it_project Markdown-it. Latest disclosed: 2026-06-17. Critical: 0, High: 0.

Top CVEs affecting Markdown-it_project Markdown-it
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-7969 | Medium | 6.1 | 2025-08-21 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). Thi… |
| CVE-2026-48988 | Medium | 5.3 | 2026-06-17 | markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic (O(n^… |
| CVE-2026-2327 | Medium | 5.3 | 2026-02-12 | Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\… |
| CVE-2022-21670 | Medium | 5.3 | 2022-01-10 | markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser signific… |
| CVE-2015-3295 | Medium | 5.3 | 2017-06-07 | markdown-it before 4.1.0 does not block data: URLs. |
| CVE-2015-10005 | Low | 3.5 | 2022-12-27 | A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. T… |