Package details: pkg:npm/remarkable@1.4.2
purl: pkg:npm/remarkable@1.4.2
Next non-vulnerable version: 1.7.2
Latest non-vulnerable version: 1.7.2
Risk: 4.0
Vulnerabilities affecting this package (3)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-2mqk-yw4k-byex (Aliases: GMS-2017-116) | XSS in Data URI: remarkable allows the use of `data:` URIs. | 1.7.0 (affected by 1 other vulnerability) |
| VCID-6ppw-tsg6-1fgf (Aliases: CVE-2017-16006, GHSA-mrmf-qwxg-7c3h) | Cross-site Scripting: Remarkable allows the use of `data:` URIs in links and can therefore execute javascript. | 1.7.0 (affected by 1 other vulnerability) |
| VCID-wdt9-nkwt-zbde (Aliases: CVE-2019-12043, GHSA-36m4-6v6m-4vpr) | XSS via URLs: In remarkable, `lib/parser_inline.js` mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters. | 1.7.2 (affected by 0 other vulnerabilities) |

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-06T23:16:14.509852+00:00 | GHSA Importer | Affected by | VCID-6ppw-tsg6-1fgf | https://github.com/advisories/GHSA-mrmf-qwxg-7c3h | 38.6.0 |
| 2026-06-04T20:21:30.815926+00:00 | GitLab Importer | Affected by | VCID-wdt9-nkwt-zbde | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/remarkable/CVE-2019-12043.yml | 38.6.0 |
| 2026-06-04T20:12:31.526187+00:00 | GitLab Importer | Affected by | VCID-6ppw-tsg6-1fgf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/remarkable/CVE-2017-16006.yml | 38.6.0 |
| 2026-06-04T20:07:38.656705+00:00 | GitLab Importer | Affected by | VCID-2mqk-yw4k-byex | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/remarkable/GMS-2017-116.yml | 38.6.0 |