markdown-it (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package markdown-it, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2022-21670 — CVSS 5.3 (medium): markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down…
CVE-2026-2327 — CVSS 5.3 (medium): Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the…
CVE-2026-48988 — CVSS 5.3 (medium): markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled…
CVE-2015-10005 — CVSS 3.5 (low): A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file…