{"url":"http://public2.vulnerablecode.io/api/packages/101731?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.0-1?distro=trixie","type":"deb","namespace":"debian","name":"r-cran-commonmark","version":"1.9.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.9.1-1","latest_non_vulnerable_version":"2.0.0-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149916?format=json","vulnerability_id":"VCID-3t6s-s89g-1ff3","summary":"cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage. This vulnerability has been patched in 0.29.0.gfm.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22485","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21819","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3894","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38962","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38953","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22485"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033110","reference_id":"1033110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/b
ugreport.cgi?bug=1033110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033111","reference_id":"1033111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033112","reference_id":"1033112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033113","reference_id":"1033113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033113"},{"reference_url":"https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr","reference_id":"GHSA-c944-cv5f-hpvr","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:02:09Z/"}],"url":"https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101731?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101730?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101729?format=json","purl":"pkg:deb/debian/r-cran-commonmark@2.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pk
g:deb/debian/r-cran-commonmark@2.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2023-22485"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3t6s-s89g-1ff3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149771?format=json","vulnerability_id":"VCID-n8rw-e9kt-77em","summary":"cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22484","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39601","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39626","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39616","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45517","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22484"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033110","reference_id":"1033110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033111","reference_id":"1033111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugrep
ort.cgi?bug=1033112","reference_id":"1033112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033113","reference_id":"1033113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033113"},{"reference_url":"https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r","reference_id":"GHSA-24f7-9frr-5h2r","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:30Z/"}],"url":"https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r"},{"reference_url":"https://usn.ubuntu.com/7319-1/","reference_id":"USN-7319-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7319-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101731?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101730?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101729?format=json","purl":"pkg:deb/debian/r-cran-commonmark@2.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@2.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2023-22484"],"risk_score":1.6,"exploitability":"0.5","weight
ed_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8rw-e9kt-77em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15103?format=json","vulnerability_id":"VCID-rbf4-3fdn-p3dg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22486","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30824","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39008","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39031","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39021","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22486"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22486","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22486"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033110","reference_id":"1033110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033111","reference_id":"1033111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033112","reference_id":"1033112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi
?bug=1033112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033113","reference_id":"1033113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033113"},{"reference_url":"https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p","reference_id":"GHSA-r572-jvj2-3m8p","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:28Z/"}],"url":"https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p"},{"reference_url":"https://usn.ubuntu.com/7319-1/","reference_id":"USN-7319-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7319-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101731?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101730?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101729?format=json","purl":"pkg:deb/debian/r-cran-commonmark@2.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@2.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2023-22486"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbf4-3fdn-p3dg"},{"url":"http://public2.v
ulnerablecode.io/api/vulnerabilities/149660?format=json","vulnerability_id":"VCID-tadv-58mt-m7ex","summary":"cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22483","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3555","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35572","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35555","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45517","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22483"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033110","reference_id":"1033110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033111","reference_id":"1033111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033112","reference_id":"1033112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=
1033112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033113","reference_id":"1033113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033113"},{"reference_url":"https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c","reference_id":"GHSA-29g3-96g3-jg6c","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:33Z/"}],"url":"https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c"},{"reference_url":"https://usn.ubuntu.com/7319-1/","reference_id":"USN-7319-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7319-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101731?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101730?format=json","purl":"pkg:deb/debian/r-cran-commonmark@1.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101729?format=json","purl":"pkg:deb/debian/r-cran-commonmark@2.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@2.0.0-2%3Fdistro=trixie"}],"aliases":["CVE-2023-22483"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tadv-58mt-m7ex"}],"risk_score":null,"resource_
url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r-cran-commonmark@1.9.0-1%3Fdistro=trixie"}