Search for packages
| purl | pkg:npm/marky-markdown@5.0.1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-j19n-gs88-mfhx
Aliases: GHSA-mg69-6j3m-jvgw GMS-2020-370 |
HTML Injection in marky-markdown All versions of `marky-markdown` are vulnerable to HTML Injection. The package fails to sanitize `style` attributes in `img` tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. ## Recommendation This package is no longer maintained. Please upgrade to `@npmcorp/marky-markdown` | There are no reported fixed by versions. |
|
VCID-ujju-2pf6-qqc6
Aliases: GHSA-pxmp-fwjc-4x7q GMS-2020-371 |
HTML Injection in marky-markdown All versions of `marky-markdown` are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is `youtube.com` but it is possible to bypass the validation with sources where `youtube.com` is the sub-domain, such as `youtube.com.evil.co`. This This package is no longer maintained. Please upgrade to `@npmcorp/marky-markdown` | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:37:29.794866+00:00 | GitLab Importer | Affected by | VCID-ujju-2pf6-qqc6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/marky-markdown/GMS-2020-371.yml | 38.6.0 |
| 2026-06-04T20:37:19.150422+00:00 | GitLab Importer | Affected by | VCID-j19n-gs88-mfhx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/marky-markdown/GMS-2020-370.yml | 38.6.0 |