Vulmon
marked project marked vulnerabilities and exploits
6.1
CVSSv3
CVE-2016-10531
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and previous versions parse input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascrip...
Marked Project Marked
7.5
CVSSv3
CVE-2017-16114
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
Marked Project Marked
NA
CVE-2015-1370
Incomplete blacklist vulnerability in marked 0.3.2 and previous versions for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.
Marked Project Marked
6.1
CVSSv3
CVE-2014-3743
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module prior to 0.3.1 for Node.js allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript URLs.
Marked Project Marked
7.5
CVSSv3
CVE-2021-21306
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through ...
Marked Project Marked
6.1
CVSSv3
CVE-2017-1000427
marked version 0.3.6 and previous versions are vulnerable to an XSS attack in the data: URI parser.
Marked Project Marked
6.5
CVSSv3
CVE-2018-6806
Marked 2 up to and including 2.5.11 allows remote malicious users to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest ca...
Marked 2 Project Marked 2
7.5
CVSSv3
CVE-2020-7682
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
Marked-tree Project Marked-tree
7.5
CVSSv3
CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable versi...
Marked Project Marked
Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2022-21681
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of mark...
Marked Project Marked
Fedoraproject Fedora 36