Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1pxm-8vn6-xbgk
Vulnerability ID VCID-1pxm-8vn6-xbgk
Aliases GHSA-32vw-r77c-gm67
Summary Withdrawn Advisory: marked cross-site scripting vulnerability Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even when sanitize:true is set.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-32vw-r77c-gm67
generic_textual MODERATE https://github.com/markedjs/marked/commit/fc372d1c6293267722e33f2719d57cebd67b3da1
generic_textual MODERATE https://github.com/markedjs/marked/issues/492
generic_textual MODERATE https://www.npmjs.com/advisories/24
generic_textual MODERATE https://www.npmjs.com/advisories/24/versions
Reference id Reference type URL
https://github.com/markedjs/marked/commit/fc372d1c6293267722e33f2719d57cebd67b3da1
https://github.com/markedjs/marked/issues/492
https://www.npmjs.com/advisories/24
https://www.npmjs.com/advisories/24/versions
GHSA-32vw-r77c-gm67 https://github.com/advisories/GHSA-32vw-r77c-gm67
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-04T16:20:09.380761+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/marked/GHSA-32vw-r77c-gm67.yml 38.6.0