Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/commonmarker@0.23.7
purl pkg:gem/commonmarker@0.23.7
Next non-vulnerable version 0.23.10
Latest non-vulnerable version 1.0.0.pre
Risk 3.4
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-76q8-unpg-ryas
Aliases:
GHSA-48wp-p9qv-4j64
GMS-2023-1110
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service ## Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * CVE-2023-24824 * CVE-2023-26485 For more information, consult the release notes for versions 0.23.0.gfm.10 and 0.23.0.gfm.11. ## Mitigation Users are advised to upgrade to commonmarker version 0.23.9
0.23.9
Affected by 1 other vulnerability.
1.0.0.pre
Affected by 0 other vulnerabilities.
VCID-tfng-ynpw-cqa6
Aliases:
GHSA-7vh7-fw88-wj87
GMS-2023-1914
Several quadratic complexity bugs may lead to denial of service in Commonmarker ## Impact Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm) library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * [CVE-2023-37463](https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5) For more information, consult the release notes for version [`0.29.0.gfm.12`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12). ## Mitigation Users are advised to upgrade to commonmarker version [`0.23.10`](https://rubygems.org/gems/commonmarker/versions/0.23.10).
0.23.10
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-6vcj-5faq-93e4 Several quadratic complexity bugs may lead to denial of service in Commonmarker ## Impact Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm) library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c) * [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r) * [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr) * [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p) For more information, consult the release notes for version [`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7). ## Mitigation Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7). GHSA-636f-xm5j-pj9m
GMS-2023-123

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T09:23:39.696124+00:00 Ruby Importer Affected by VCID-tfng-ynpw-cqa6 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/commonmarker/GHSA-7vh7-fw88-wj87.yml 38.6.0
2026-06-13T06:25:16.339157+00:00 GHSA Importer Fixing VCID-6vcj-5faq-93e4 https://github.com/advisories/GHSA-636f-xm5j-pj9m 38.6.0
2026-06-12T19:02:40.135038+00:00 GitLab Importer Affected by VCID-tfng-ynpw-cqa6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/commonmarker/GMS-2023-1914.yml 38.6.0
2026-06-12T18:51:50.572073+00:00 GitLab Importer Affected by VCID-76q8-unpg-ryas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/commonmarker/GMS-2023-1110.yml 38.6.0
2026-06-12T15:45:23.511521+00:00 GitLab Importer Fixing VCID-6vcj-5faq-93e4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/commonmarker/GMS-2023-123.yml 38.6.0
2026-06-12T07:57:40.512302+00:00 GithubOSV Importer Fixing VCID-6vcj-5faq-93e4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-636f-xm5j-pj9m/GHSA-636f-xm5j-pj9m.json 38.6.0