Package impact
npm / marked
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41680 | high | 7.5 | 7.5 | 1mo ago | Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer | |||
| CVE-2015-8854 | high | 7.5 | 7.5 | 10y ago | The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline r… | |||
| CVE-2021-21306 | medium | — | 5.5 | 5y ago | Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. Thi… | |||
| CVE-2015-1370 | medium | — | 4.3 | 12y ago | Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. |