| purl | pkg:npm/marked@0.3.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3hp9-cv2c-r7gc (Aliases: CVE-2014-3743) | Multiple Content Injection Vulnerabilities. Marked comes with an option to sanitize user output to help protect against content injection attacks: `sanitize: true`. Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Injection is possible in two locations: gfm codeblocks (language) and javascript URLs. | Affected by 0 other vulnerabilities. |
| VCID-xdzq-65a6-67h5 (Aliases: CVE-2014-1850) | Multiple Content Injection Vulnerabilities. Marked comes with an option to sanitize user output to help protect against content injection attacks: `sanitize: true`. Even if this option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Injection is possible in two locations: gfm codeblocks (language) and javascript URLs. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:36:13.448906+00:00 | GitLab Importer | Affected by | VCID-xdzq-65a6-67h5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/marked/CVE-2014-1850.yml | 38.6.0 |
| 2026-06-02T03:45:02.475810+00:00 | Npm Importer | Affected by | VCID-3hp9-cv2c-r7gc | https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json | 38.6.0 |
| 2026-06-02T03:45:01.365030+00:00 | Npm Importer | Affected by | VCID-xdzq-65a6-67h5 | https://github.com/nodejs/security-wg/blob/main/vuln/npm/22.json | 38.6.0 |