Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/commonmarker@1.0.0.pre
purl pkg:gem/commonmarker@1.0.0.pre
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-ryey-1gks-fydw Several quadratic complexity bugs may lead to denial of service in Commonmarker ## Impact Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm) library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c) * [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r) * [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr) * [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p) For more information, consult the release notes for version [`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7). ## Mitigation Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7). GHSA-636f-xm5j-pj9m
GMS-2023-123

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T18:14:00.102276+00:00 Ruby Importer Fixing VCID-ryey-1gks-fydw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/commonmarker/GHSA-636f-xm5j-pj9m.yml 38.6.0