Skip to main content

Do Markdownit

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-59717 npm MEDIUM POC This Month

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Node.js Do Markdownit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-59717 npm
EPSS 0% CVSS 5.4
MEDIUM POC This Month

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Node.js +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy