Every CVE whose affected-product data names Marked Project Marked, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2026-41680 — CVSS 7.5 (high): Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By…
CVE-2015-8854 — CVSS 7.5 (high): The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that…
CVE-2017-16114 — CVSS 7.5 (high): The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k…
CVE-2018-25110 — CVSS 7.5 (high): Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in…
CVE-2022-21680 — CVSS 7.5 (high): Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking…
CVE-2022-21681 — CVSS 7.5 (high): Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic…
CVE-2014-3743 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject…
CVE-2016-10531 — CVSS 6.1 (medium): marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input…
CVE-2021-21306 — CVSS 5.3 (medium): Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there…
CVE-2015-1370 — CVSS 4.3 (medium): Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS)…