Package impact
Packagist / league/commonmark
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-46734 | medium | — | 5.5 | 1y ago | league/commonmark contains a XSS vulnerability in Attributes extension | |||
| CVE-2026-33347 | unknown | — | — | 2mo ago | league/commonmark has an embed extension allowed_domains bypass | |||
| CVE-2026-30838 | unknown | — | — | 3mo ago | league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallow… | |||
| CVE-2018-20583 | unknown | — | — | 4y ago | PHP League CommonMark vulnerable to Cross-Site Scripting (XSS) | |||
| CVE-2019-10010 | unknown | — | — | 7y ago | Moderate severity vulnerability that affects league/commonmark |