Every CVE whose affected-product data names Prismjs Prism, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2021-23341 — CVSS 7.5 (high): The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest…
CVE-2022-23647 — CVSS 7.5 (high): Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used…
CVE-2021-32723 — CVSS 7.4 (high): Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When…
CVE-2024-53382 — CVSS 4.9 (medium): Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly…