Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-g272-pad7-t7bp
Vulnerability ID VCID-g272-pad7-t7bp
Aliases CVE-2023-26485
Summary commonmarker: Quadratic complexity bug may lead to a denial of service
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1333 Inefficient Regular Expression Complexity
CWE-400 Uncontrolled Resource Consumption
CWE-407 Inefficient Algorithmic Complexity
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26485.json
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2023-26485
cvssv3.1 5.3 https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987
ssvc Track https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987
cvssv3.1 5.3 https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
ssvc Track https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26485.json
https://api.first.org/data/v1/epss?cve=CVE-2023-26485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26485
07a66c9bc341f902878e37d7da8647d6ef150987 https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987
1034171 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034171
1034172 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034172
1034173 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034173
1034174 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034174
2210173 https://bugzilla.redhat.com/show_bug.cgi?id=2210173
USN-7319-1 https://usn.ubuntu.com/7319-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26485.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T17:20:05Z/ Found at https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T17:20:05Z/ Found at https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5
Exploit Prediction Scoring System (EPSS)
Percentile 0.35879
EPSS Score 0.00154
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:09:00.024699+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26485.json 38.6.0