Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm marked Security Advisories

Browse all Security Advisories for npm marked

Loading...
High
GSA_kwCzR0hTQS01djJoLXIyY3gtNXhnas0jVA
Inefficient Regular Expression Complexity in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1ycnJtLXFqbTQtdjhoZs0jUw
Inefficient Regular Expression Complexity in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyNjItdjR2cS1ocjk2
Regular Expression Denial of Service (REDoS) in Marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoNTItdmdxMi05NDNm
Regular Expression Denial of Service in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljdzItanFwNS03eDM5
Multiple Content Injection Vulnerabilities in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNXAtODdjaC1neHcy
Marked ReDoS due to email addresses being evaluated in quadratic time
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmdmYtbXFxOC1yd3Fj
Sanitization bypass using HTML Entities in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1cGctODh3Zi1xcTRw
Regular Expression Denial of Service in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdweDctN3hqeC1oeG04
Marked vulnerable to XSS from data URIs
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: almost 7 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmamgtcDNnNC0zcTJm
VBScript Content Injection in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 7 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqY3AtajM4OS01OWZm
Regular Expression Denial of Service in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: almost 7 years ago
Statistics
Advisories: 20,359
Packages: 8,934
Repositories: 3
Ecosystems: 12
Filter by Severity
Moderate 8,822 High 7,063 Critical 3,018 Low 1,120
Filter by Ecosystem
maven 5,802 packagist 4,526 pypi 4,297 npm 3,786 go 2,244 nuget 1,539 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
parse-server 31 directus 26 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 next 18 tinymce 16 sequelize 16 ghost 15 ckeditor4 15 swagger-ui 14 angular 13 strapi 13 undici 13 joplin 13 vm2 12 TinyMCE 11 handlebars 11 tinymce/tinymce 11 marked 11 nodebb 11 flowise 10 matrix-js-sdk 10 nocodb 10 bootstrap 10 bootstrap 9 org.webjars:bootstrap 9 bootstrap 9 twbs/bootstrap 9 matrix-react-sdk 9 next-auth 9 @strapi/strapi 9 @evershop/evershop 9 serve 9 systeminformation 8 matrix-appservice-irc 8 npm 8 node-forge 8 validator 8 jquery-rails 8 jsrsasign 8 org.webjars.npm:jquery 8 jquery 8 tar 8 express-cart 8 url-parse 8 steal 8 editor.md 8 urijs 8 elliptic 7 snyk-broker 7 lodash 7 hapi 7 lunary 7 shescape 7 jquery-ui 7 uptime-kuma 7 vite 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 hermes-engine 7 jQuery.UI.Combined 7 bootstrap.sass 7 bootstrap-sass 7 total.js 7 sanitize-html 7 jQuery 7 @strapi/plugin-users-permissions 6 bootstrap-sass 6 rsshub 6 parse-url 6 safe-eval 6 dompurify 6 aaptjs 6 keystone 5 total4 5 ws 5 lodash-es 5 yarn 5 sweetalert2 5 public 5 mattermost-desktop 5 mermaid 5 ejs 5 prismjs 5 dojo 5 vditor 5 rendertron 5 xlsx 5 ua-parser-js 5 axios 5 mongoose 5 @saltcorn/server 5 openpgp 5 mysql2 5 auth0-lock 4 realms-shim 4 valine 4 convert-svg-core 4 apollo-server-core 4 hono 4 @backstage/plugin-scaffolder-backend 4 fast-xml-parser 4 katex 4 follow-redirects 4 simple-git 4 fastify 4 moment 4 auth0-js 4 simple-markdown 4 materialize-css 4 meshcentral 4 @keystone-6/core 4 apostrophe 4 remarkable 4 @lobehub/chat 4 jsonwebtoken 4 mongo-express 4 express 4 engine.io 4 ecstatic 4 vega 4 safer-eval 4 generator-jhipster 4 qs 4 glance 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 hummus 4 muhammara 4 aws-iot-device-sdk-v2 4 awsiotsdk 4 @materializecss/materialize 3 stimulsoft-dashboards-js 3 typeorm 3 buttle 3 django-tinymce 3 js-yaml 3 loader-utils 3 openmct 3 ids-enterprise 3 dset 3 locutus 3 grunt 3 n8n 3 apollo-server 3 blamer 3 jspdf 3 browserify-shim 3 object-path 3 xdLocalStorage 3 @janhq/core 3 passport-wsfed-saml2 3 immer 3 jose 3 nodemailer 3 socket.io 3 json-pointer 3 libxmljs 3 froala-editor 3 org.webjars.npm:xlsx 3 @apollo/server 3 docsify 3 jointjs 3 connect 3 @backstage/techdocs-common 3 node-opcua 3 postcss 3 lodash.defaultsdeep 3 socket.io-parser 3 mysql 3 @cubejs-backend/api-gateway 3 dns-sync 3 @commercial/subtext 3 nadesiko3 3 @directus/api 3 @ckeditor/ckeditor5-markdown-gfm 3 node-jose 3 serialize-to-js 3 node-red-dashboard 3 xmldom 3 parsel 3 braces 3 slp-validate 3 keycloak-connect 3 @strapi/utils 3 @uppy/companion 3 sails 3 @jmondi/url-to-png 3 raneto 3 ftp-srv 3 socket.io-file 3 simplehttpserver 3 json-ptr 3 llhttp 3 feathers-sequelize 3 agnai 3 ag-grid-community 3 @frangoteam/fuxa 3 fuxa-server 3 yapi-vendor 3
Filter by Repository
https://github.com/markedjs/marked 5 https://github.com/chjj/marked 3