Browse all 5 CVE security advisories affecting prismjs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PrismJS is a lightweight syntax highlighting library used primarily for code display in web applications. Historically, it has faced vulnerabilities including cross-site scripting (XSS) due to improper input sanitization and remote code execution through maliciously crafted language definitions. The library's modular nature introduces potential risks when untrusted plugins are loaded. While no major security incidents have been widely documented, the five CVEs on record highlight ongoing concerns around insecure default configurations and insufficient validation of user-provided content. Developers should implement strict content security policies and validate all inputs to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-53382 | Prism 代码注入漏洞 — PrismCWE-94 | 4.9 | Medium | 2025-03-03 |
| CVE-2022-23647 | Cross-site Scripting in Prism — prismCWE-79 | 7.5 | High | 2022-02-18 |
| CVE-2021-3801 | Inefficient Regular Expression Complexity in prismjs/prism — prismjs/prismCWE-1333 | 7.5 | - | 2021-09-15 |
| CVE-2021-32723 | Regular Expression Denial of Service (ReDoS) in Prism — prismCWE-400 | 7.4 | High | 2021-06-28 |
| CVE-2020-15138 | Cross-Site Scripting in Prism — prismCWE-79 | 7.1 | High | 2020-08-07 |
This page lists every published CVE security advisory associated with prismjs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.