earmark

1.4.49

1.5.0-pre1 retired 1.5.0-pre retired 1.4.49 retired 1.4.48 retired 1.4.47 retired 1.4.46 retired 1.4.45 retired 1.4.44 retired 1.4.43 retired 1.4.42 retired 1.4.41 retired 1.4.40 retired 1.4.39 retired 1.4.38 retired 1.4.37 retired 1.4.36 retired 1.4.35 retired 1.4.34 retired 1.4.33 retired 1.4.32 retired 1.4.31 retired 1.4.30 retired 1.4.29 retired 1.4.28 retired 1.4.27 retired 1.4.26 retired 1.4.25 retired 1.4.24 retired 1.4.23 retired 1.4.22 retired 1.4.21 retired 1.4.20 retired 1.4.19 retired 1.4.18 retired 1.4.17 retired 1.4.16 retired 1.4.16-pre2 retired 1.4.16-pre1 retired 1.4.16-pre retired 1.4.15 retired 1.4.14 retired 1.4.13 retired 1.4.12 retired 1.4.10 retired 1.4.9 retired 1.4.8 retired 1.4.7 retired 1.4.6 retired 1.4.5 retired 1.4.4 retired 1.4.3 retired 1.4.2 retired 1.4.1 retired 1.4.0 retired 1.3.6 retired 1.3.5 retired 1.3.4 retired 1.3.3 retired 1.3.2 retired 1.3.1 retired 1.3.0 retired 1.2.6 retired 1.2.5 retired 1.2.4 retired 1.2.3 retired 1.2.2 retired 1.2.1 retired 1.2.0 retired 1.1.1 retired 1.1.0 retired 1.0.3 retired 1.0.2 retired 1.0.1 retired 1.0.0 retired 0.2.1 retired 0.2.0 retired 0.1.19 retired 0.1.18 retired 0.1.17 retired 0.1.16 retired 0.1.15 retired 0.1.14 retired 0.1.13 retired 0.1.12 retired 0.1.10 retired 0.1.9 retired 0.1.8 retired 0.1.7 retired 0.1.6 retired 0.1.5 retired 0.1.4 retired 0.1.3 retired 0.1.2 retired 0.1.1 retired 0.1.0 retired

Earmark is a pure-Elixir Markdown converter. It is intended to be used as a library (just call Earmark.as_html), but can also be used as a command-line tool (run mix escript.build first). Output generation is pluggable.

Retired package: Deprecated - Earmark is no longer maintained. Migrate to a replacement, for example MDEx (https://hex.pm/packages/mdex).

Security advisory: This version has known vulnerabilities. View advisories

HexDocs HexPreview

Current section

1 Advisory

Jump to

Readme 95 Versions 0 Dependencies 119 Dependants 1 Advisory Activity

EEF-CVE-2026-48591 CVE-2026-48591

Stored XSS via unescaped HTML attribute values in earmark

June 17, 2026

CVSS

4.8 / 10.0 Medium

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Versions

>= 1.4.1

References

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

37 578

yesterday

11 370

last 7 days

76 418

all time

72 856 479

Last Updated

Jun 02, 2026

License

Apache-2.0

Build Tools

mix

Publisher

lab42

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

earmark

Checksum

Dependency Config

Package Details

Links

Owners

Search filters