league/commonmark Security Advisories for 2.7.0 (2)
-
[MEDIUM] league/commonmark has an embed extension allowed_domains bypass
PKSA-21fb-n1x5-5nf7 CVE-2026-33347 GHSA-hh8v-hgvp-g3f5
Affected version: >=2.3.0,<=2.8.1
Reported by:
GitHub -
[MEDIUM] CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names
PKSA-2cx9-ynrq-qdk3 CVE-2026-30838 GHSA-4v6x-c7xx-hw9f
Affected version: >=2.0.0,<=2.8.0
Reported by:
GitHub