OsVault/npm/marked

npm

marked

19 known vulnerabilities · 0 critical · 5 high

CVE-2016-10531MEDIUM

Sanitization bypass using HTML Entities in marked

Published Feb 18, 2019

CVE-2021-21306MEDIUM

Regular Expression Denial of Service (REDoS) in Marked

Published Feb 8, 2021

CVE-2017-16114HIGH

Regular Expression Denial of Service in marked

Published Jul 24, 2018

CVE-2022-21681HIGH

Inefficient Regular Expression Complexity in marked

Published Jan 14, 2022

CVE-2015-1370MEDIUM

VBScript Content Injection in marked

Published Oct 24, 2017

CVE-2017-1000427MEDIUM

Marked vulnerable to XSS from data URIs

Published Jan 4, 2018

GHSA-6v9c-7cg6-27q7

Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

Published Apr 29, 2026

CVE-2018-25110HIGH

Marked allows Regular Expression Denial of Service (ReDoS) attacks

Published May 23, 2025

CVE-2022-21680HIGH

Inefficient Regular Expression Complexity in marked

Published Jan 14, 2022

CVE-2014-3743MEDIUM

Multiple Content Injection Vulnerabilities in marked

Published Aug 31, 2020

CVE-2020-7682HIGH

Path Traversal in marked-tree

Published May 7, 2021

MAL-2026-2927

Malicious code in pa-marked (npm)

Published Apr 19, 2026

MAL-2026-2928

Malicious code in pa-marked-internal (npm)

Published Apr 19, 2026

MAL-2022-4484

Malicious code in markedjs (npm)

Published Jun 20, 2022

MAL-2025-615

Malicious code in marked-as (npm)

Published Jan 21, 2025

MAL-2025-616

Malicious code in marked-at (npm)

Published Jan 21, 2025

MAL-2025-69

Malicious code in marked-cs (npm)

Published Jan 12, 2025

GHSA-g2g4-47gv-p72v

CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS

Published May 26, 2026

MAL-2025-70

Malicious code in marked-ps (npm)

Published Jan 12, 2025

Check your entire dependency tree at onceRun dependency scan →