Thephpleague Commonmark — known CVE vulnerabilities
Every CVE whose affected-product data names Thephpleague Commonmark, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2018-20583 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote…
CVE-2019-10010 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links…
CVE-2026-30838 — CVSS 6.1 (medium): league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline…
CVE-2026-33347 — CVSS 6.1 (medium): league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension…