VulnerableCode Package Details - pkg:deb/debian/ruby-commonmarker@0.21.0-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/ruby-commonmarker@0.21.0-1

Essentials
History (10)

purl	pkg:deb/debian/ruby-commonmarker@0.21.0-1

Next non-vulnerable version	0.23.10-1
Latest non-vulnerable version	0.23.10-1
Risk

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-2an8-zxae-hffk Aliases: CVE-2023-24824	cmark-gfm: Quadratic complexity bugs may lead to a denial of service	0.23.10-1 Affected by 0 other vulnerabilities.
VCID-3hpr-vga4-kucr Aliases: CVE-2023-22486		0.23.10-1 Affected by 0 other vulnerabilities.
VCID-3ngu-1qyq-5ub2 Aliases: CVE-2022-24724	cmark-gfm: possible RCE due to integer overflow	0.23.6-1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cr2f-h3ds-m7bp Aliases: CVE-2023-22484	cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.	0.23.10-1 Affected by 0 other vulnerabilities.
VCID-fjt6-mbum-gkdh Aliases: CVE-2022-39209	cmark-gfm: Unbounded resource exhaustion may lead to denial of service	0.23.10-1 Affected by 0 other vulnerabilities.
VCID-g272-pad7-t7bp Aliases: CVE-2023-26485	commonmarker: Quadratic complexity bug may lead to a denial of service	0.23.10-1 Affected by 0 other vulnerabilities.
VCID-q8rv-ktdr-q7ep Aliases: CVE-2024-22051 GHSA-fmx4-26r3-wxpf GMS-2022-240	commonmarker: integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption	0.23.6-1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rfcv-sua7-uke4 Aliases: CVE-2023-22483	cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.	0.23.10-1 Affected by 0 other vulnerabilities.
VCID-u5p8-6fkp-byap Aliases: CVE-2023-37463	cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.	0.23.10-1 Affected by 0 other vulnerabilities.
VCID-vapm-4zu8-d7ba Aliases: CVE-2023-22485	cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.	0.23.10-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T01:01:38.881590+00:00	Debian Importer	Affected by	VCID-vapm-4zu8-d7ba	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-30T00:47:40.732289+00:00	Debian Importer	Affected by	VCID-rfcv-sua7-uke4	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-30T00:44:52.234367+00:00	Debian Importer	Affected by	VCID-fjt6-mbum-gkdh	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-30T00:42:38.418873+00:00	Debian Importer	Affected by	VCID-3ngu-1qyq-5ub2	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-30T00:22:53.489772+00:00	Debian Importer	Affected by	VCID-3hpr-vga4-kucr	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-30T00:15:12.226505+00:00	Debian Importer	Affected by	VCID-q8rv-ktdr-q7ep	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-30T00:12:00.084725+00:00	Debian Importer	Affected by	VCID-2an8-zxae-hffk	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T23:56:20.940942+00:00	Debian Importer	Affected by	VCID-u5p8-6fkp-byap	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T23:42:33.270766+00:00	Debian Importer	Affected by	VCID-cr2f-h3ds-m7bp	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-29T22:59:30.562440+00:00	Debian Importer	Affected by	VCID-g272-pad7-t7bp	https://security-tracker.debian.org/tracker/data/json	38.6.0