pkg:Packagist/league/commonmark

All known vulnerabilities

• MEDIUM6.4CVE-2025-46734league/commonmark contains a XSS vulnerability in Attributes extension
  >= 1.5.0, < 2.7.0
• MEDIUM6.1CVE-2026-33347league/commonmark has an embed extension allowed_domains bypass
  >= 2.3.0, < 2.8.2
• MEDIUM6.1CVE-2026-30838CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names
  >= 2.0.0, < 2.8.1
• MEDIUM6.1CVE-2018-20583PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
  >= 0.15.6, < 0.18.1
• MEDIUM6.1CVE-2019-10010Moderate severity vulnerability that affects league/commonmark
  from 0, < 0.18.3