mdex

0.13.2

0.13.2 0.13.1 0.13.0 0.12.5 retired 0.12.4 0.12.3 0.12.2 0.12.1 0.12.0 0.11.7 0.11.6 0.11.5 0.11.4 0.11.3 0.11.2 0.11.1 0.11.0 0.10.0 0.9.4 0.9.3 0.9.2 0.9.1 0.9.0 0.8.6 0.8.5 0.8.4 0.8.3 0.8.2 0.8.1 0.8.0 0.7.5 0.7.4 0.7.3 0.7.2 0.7.1 0.7.0 0.6.2 0.6.1 0.6.0 0.5.0 0.4.3 0.4.2 0.4.1 0.4.0 0.3.3 0.3.2 0.3.1 0.3.0 0.2.0 0.1.18 0.1.17 0.1.16 0.1.15 0.1.14 0.1.13 0.1.12 0.1.11 0.1.10 0.1.9 0.1.8 0.1.7 0.1.6 0.1.5 0.1.4 0.1.3 0.1.2 0.1.1 0.1.0

Fast and extensible Markdown for Elixir

HexDocs HexPreview

Current section

6 Advisories

Jump to

Readme 68 Versions 6 Dependencies 32 Dependants 6 Advisories Activity

EEF-CVE-2026-53426 CVE-2026-53426 GHSA-923r-7vf4-5vw8

Atom-table exhaustion denial-of-service via JSON parse_document in MDEx

June 29, 2026

CVSS

8.2 / 10.0 High

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Versions

>= 0.4.3 and < 0.13.2

References

EEF-CVE-2026-54889 CVE-2026-54889 GHSA-4383-7xfp-gpph

Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

June 29, 2026

CVSS

5.1 / 10.0 Medium

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Versions

>= 0.8.3 and < 0.13.2

References

EEF-CVE-2026-54888 CVE-2026-54888 GHSA-3w4f-53g2-f66p

Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

June 29, 2026

CVSS

6.9 / 10.0 Medium

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 0.3.0 and < 0.12.3

References

EEF-CVE-2026-53429 CVE-2026-53429 GHSA-cmvp-gp9f-23xw

Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

June 29, 2026

CVSS

6.9 / 10.0 Medium

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 0.11.0 and < 0.12.3

References

EEF-CVE-2026-53428 CVE-2026-53428 GHSA-j93q-9cvj-rxfm

Unbounded memory allocation in highlight_lines range expansion in mdex

June 29, 2026

CVSS

6.9 / 10.0 Medium

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Versions

>= 0.11.0 and < 0.12.3

References

EEF-CVE-2026-53427 CVE-2026-53427 GHSA-v664-pmxr-mxxx

Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

June 29, 2026

CVSS

2.3 / 10.0 Low

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Versions

>= 0.11.3 and < 0.12.3

References

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

yesterday

1 512

last 7 days

24 674

all time

815 331

Last Updated

Jun 29, 2026

License

MIT

Build Tools

mix

Publisher

leandrocp

Owners

leandrocp

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

mdex

Checksum

Dependency Config

Package Details

Links

Owners

Search filters