league/commonmark Security Advisories for 0.16.0 (4)
-
[MEDIUM] league/commonmark contains a XSS vulnerability in Attributes extension
PKSA-rqc2-tcc6-nc79 CVE-2025-46734 GHSA-3527-qv2q-pfvx
Affected version: <2.7.0
Reported by:
GitHub -
[HIGH] league/commonmark's quadratic complexity bugs may lead to a denial of service
PKSA-fndg-qryc-dyc9 GHSA-c2pc-g5qf-rfrf
Affected version: <2.6.0
Reported by:
GitHub -
[MEDIUM] XSS vulnerability with double-encoded entities
PKSA-nyyp-2pk1-frkz CVE-2019-10010 GHSA-3v43-877x-qgmq
Affected version: <0.18.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] XSS vulnerability with unsafe link protocols
PKSA-g6p7-7rfc-zbp2 CVE-2018-20583 GHSA-qx76-c53f-5c7q
Affected version: >=0.15.6,<0.18.1
Reported by:
GitHub, FriendsOfPHP/security-advisories