Vulnerabilities > Marked Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2022-21680 | Marked is a markdown parser and compiler. | 7.5 |
| 2022-01-14 | CVE-2022-21681 | Marked is a markdown parser and compiler. | 7.5 |
| 2021-02-08 | CVE-2021-21306 | Resource Exhaustion vulnerability in Marked Project Marked Marked is an open-source markdown parser and compiler (npm package "marked"). | 5.0 |
| 2020-01-06 | CVE-2014-3743 | Cross-site Scripting vulnerability in Marked Project Marked Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's. | 4.3 |
| 2018-06-07 | CVE-2017-16114 | Resource Exhaustion vulnerability in Marked Project Marked The marked module is vulnerable to a regular expression denial of service. | 5.0 |
| 2018-05-31 | CVE-2016-10531 | Cross-site Scripting vulnerability in Marked Project Marked marked is an application that is meant to parse and compile markdown. | 4.3 |
| 2018-01-02 | CVE-2017-1000427 | Cross-site Scripting vulnerability in Marked Project Marked marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | 6.1 |
| 2017-01-23 | CVE-2015-8854 | The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)." | 7.5 |
| 2015-01-27 | CVE-2015-1370 | Unspecified vulnerability in Marked Project Marked Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. network marked-project | 4.3 |