Markdown-it Project Markdown-it — known CVE vulnerabilities
Every CVE whose affected-product data names Markdown-it Project Markdown-it, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-7969 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site…
CVE-2022-21670 — CVSS 5.3 (medium): markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down…
CVE-2026-2327 — CVSS 5.3 (medium): Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the…
CVE-2026-48988 — CVSS 5.3 (medium): markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled…
CVE-2015-10005 — CVSS 3.5 (low): A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file…