VulnerableCode Package Details - pkg:deb/debian/r-cran-commonmark@1.7-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/r-cran-commonmark@1.7-2

Essentials
History (10)

purl	pkg:deb/debian/r-cran-commonmark@1.7-2

Next non-vulnerable version	1.9.5-1
Latest non-vulnerable version	1.9.5-1
Risk

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-2an8-zxae-hffk Aliases: CVE-2023-24824	cmark-gfm: Quadratic complexity bugs may lead to a denial of service	1.9.5-1 Affected by 0 other vulnerabilities.
VCID-3hpr-vga4-kucr Aliases: CVE-2023-22486		1.9.5-1 Affected by 0 other vulnerabilities.
VCID-3ngu-1qyq-5ub2 Aliases: CVE-2022-24724	cmark-gfm: possible RCE due to integer overflow	1.8.1-1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cr2f-h3ds-m7bp Aliases: CVE-2023-22484	cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.	1.9.5-1 Affected by 0 other vulnerabilities.
VCID-fjt6-mbum-gkdh Aliases: CVE-2022-39209	cmark-gfm: Unbounded resource exhaustion may lead to denial of service	1.8.1-1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-g272-pad7-t7bp Aliases: CVE-2023-26485	commonmarker: Quadratic complexity bug may lead to a denial of service	1.9.5-1 Affected by 0 other vulnerabilities.
VCID-rfcv-sua7-uke4 Aliases: CVE-2023-22483	cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.	1.9.5-1 Affected by 0 other vulnerabilities.
VCID-t4pg-p9b1-xycx Aliases: CVE-2020-5238	cmark-gfm: Exponential time to parse certain inputs could lead to DoS	1.8.1-1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-u5p8-6fkp-byap Aliases: CVE-2023-37463	cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.	1.9.5-1 Affected by 0 other vulnerabilities.
VCID-vapm-4zu8-d7ba Aliases: CVE-2023-22485	cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.	1.9.5-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T01:23:16.888361+00:00	Debian Importer	Affected by	VCID-u5p8-6fkp-byap	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-30T00:38:53.226055+00:00	Debian Importer	Affected by	VCID-rfcv-sua7-uke4	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-30T00:00:23.706466+00:00	Debian Importer	Affected by	VCID-3ngu-1qyq-5ub2	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T23:50:05.505786+00:00	Debian Importer	Affected by	VCID-fjt6-mbum-gkdh	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T23:36:06.176754+00:00	Debian Importer	Affected by	VCID-vapm-4zu8-d7ba	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T23:23:17.830088+00:00	Debian Importer	Affected by	VCID-t4pg-p9b1-xycx	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T23:18:22.484228+00:00	Debian Importer	Affected by	VCID-g272-pad7-t7bp	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T23:12:11.298736+00:00	Debian Importer	Affected by	VCID-2an8-zxae-hffk	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T22:47:01.962535+00:00	Debian Importer	Affected by	VCID-3hpr-vga4-kucr	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T22:46:00.589787+00:00	Debian Importer	Affected by	VCID-cr2f-h3ds-m7bp	https://security-tracker.debian.org/tracker/data/json	38.6.0