github.com/gomarkdown/markdown vulnerabilities
3 known vulnerabilities affecting github.com/gomarkdown/markdown.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2026-40890 | HIGH | ≥ 0, < 0.0.0-20260411013819-759bbc3e3207 | 2026-04-14
CVE-2026-40890 [HIGH] CWE-125 Go Markdown has an Out-of-bounds Read in SmartypantsRenderer
### Summary
Processing a malformed input containing a `` character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic.
### Details
The `smartLeftAngle()` function in `html/smartypants.go:367-376` performs an out-of-bounds slice operation when processing a `` character anywhere in the remaining
Sources: GHSA
CVE-2024-44337 | MEDIUM | ≥ 0, < 0.0.0-20240729212818-a2a9c4f76ef5 | 2024-10-15
CVE-2024-44337 [MEDIUM] CWE-835 Infinite loop in github.com/gomarkdown/markdown
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denia
Sources: GHSA, OSV
CVE-2023-42821 | HIGH | ≥ 0, < 0.0.0-20230922105210-14b16010c2ee | 2023-09-22
CVE-2023-42821 [HIGH] CWE-125 Markdown vulnerable to Out-of-bounds Read while parsing citations
### Summary
Parsing malformed markdown input with a parser that uses the `parser.Mmark` extension could result in an out-of-bounds read.
### Details
To exploit the vulnerability, the parser needs to have the `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access the element
Sources: GHSA, OSV