Product
marked project marked
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-41680
CVE-2018-25110
CVE-2022-21681
CVE-2022-21680
CVE-2021-21306
CVE-2014-3743
CVE-2017-16114
CVE-2016-10531
CVE-2017-1000427
CVE-2015-8854
CVE-2015-1370
>= 18.0.0 and < 18.0.2
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked
< 0.3.17
Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtrac
< 4.0.10
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression
inline.reflinkSearch may cause catastr< 4.0.10
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression
block.def may cause catastrophic backt>= 1.1.1 and < 2.0.0
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.
< 0.3.1
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject
< 0.3.9
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue,
<= 0.3.5
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, s
<= 0.3.6
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
< 0.3.4
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vector
<= 0.3.2
Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting