Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8wcn-cw8p-57e8
Vulnerability ID VCID-8wcn-cw8p-57e8
Aliases CVE-2017-16114
GHSA-x5pg-88wf-qq4p
Summary Regular Expression Denial of Service in marked
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-400 Uncontrolled Resource Consumption
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2017-16114
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2017-16114
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2017-16114
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2017-16114
cvssv3.1 7.5 https://github.com/advisories/GHSA-x5pg-88wf-qq4p
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x5pg-88wf-qq4p
generic_textual HIGH https://github.com/advisories/GHSA-x5pg-88wf-qq4p
cvssv3.1 7.5 https://github.com/chjj/marked/issues/937
generic_textual HIGH https://github.com/chjj/marked/issues/937
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-16114
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2017-16114
cvssv3.1 7.5 https://www.npmjs.com/advisories/531
generic_textual HIGH https://www.npmjs.com/advisories/531
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2017-16114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16114
https://github.com/chjj/marked/issues/937
https://nodesecurity.io/advisories/531
https://www.npmjs.com/advisories/531
CVE-2017-16114 https://nvd.nist.gov/vuln/detail/CVE-2017-16114
GHSA-x5pg-88wf-qq4p https://github.com/advisories/GHSA-x5pg-88wf-qq4p
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/advisories/GHSA-x5pg-88wf-qq4p
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/chjj/marked/issues/937
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-16114
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.npmjs.com/advisories/531
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.61287
EPSS Score 0.00403
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:24:09.539805+00:00 GHSA Importer Import https://github.com/advisories/GHSA-x5pg-88wf-qq4p 38.6.0