Browse all 4 CVE security advisories affecting markedjs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Markedjs is a JavaScript Markdown parser and compiler that converts Markdown to HTML, primarily used for content rendering in web applications. Historically, it has been susceptible to cross-site scripting (XSS) vulnerabilities due to improper input sanitization, with four CVEs recorded. These issues often stem from insecure handling of user-provided Markdown content, allowing attackers to inject malicious scripts. While no major public incidents have been widely reported, the consistent pattern of XSS vulnerabilities highlights the importance of implementing proper output encoding and context-aware sanitization when using this library in security-sensitive applications.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41680 | Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer — marked (CWE-400) | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2022-21680 | Cubic catastrophic backtracking (ReDoS) in marked — marked (CWE-400) | 7.5 | High | 2022-01-14 |
| CVE-2022-21681 | Exponential catastrophic backtracking (ReDoS) in marked — marked (CWE-400) | 7.5 | High | 2022-01-14 |
| CVE-2021-21306 | Denial of Service in Marked — marked (CWE-400) | 5.3 | Medium | 2021-02-08 |
This page lists every published CVE security advisory associated with markedjs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.