Every CVE whose affected-product data names Hackmd Codimd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-38354 — CVSS 8.1 (high): CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe…
CVE-2019-15499 — CVSS 6.1 (medium): CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with…
CVE-2024-38353 — CVSS 5.3 (medium): CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control…
CVE-2025-46654 — CVSS 4.9 (medium): CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by…