Nixpkgs security tracker

Permalink CVE-2026-33347

created 3 weeks, 4 days ago

league/commonmark has an embed extension allowed_domains bypass

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This issue has been patched in version 2.8.2.

References

https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5 x_refsource_CONFIRM
https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b x_refsource_MISC
https://github.com/thephpleague/commonmark/releases/tag/2.8.2 x_refsource_MISC

Affected products

commonmark

==>= 2.3.0, < 2.8.2

Matching in nixpkgs

pkgs.guile-commonmark

Implementation of CommonMark for Guile

nixos-unstable 2020-04-30
- nixpkgs-unstable 2020-04-30
- nixos-unstable-small 2020-04-30
nixos-25.11 2020-04-30
- nixos-25.11-small 2020-04-30
- nixpkgs-25.11-darwin 2020-04-30

pkgs.rubyPackages.commonmarker

None

nixos-unstable 0.23.12
- nixpkgs-unstable 0.23.12
- nixos-unstable-small 0.23.12
nixos-25.11 0.23.12
- nixos-25.11-small 0.23.12
- nixpkgs-25.11-darwin 0.23.12

pkgs.haskellPackages.commonmark

Pure Haskell commonmark parser

nixos-unstable 0.2.6.1
- nixpkgs-unstable 0.2.6.1
- nixos-unstable-small 0.2.6.1
nixos-25.11 0.2.6.1
- nixos-25.11-small 0.2.6.1
- nixpkgs-25.11-darwin 0.2.6.1

pkgs.python312Packages.commonmark

Python CommonMark parser

nixos-25.11 0.9.1
- nixos-25.11-small 0.9.1
- nixpkgs-25.11-darwin 0.9.1

pkgs.python313Packages.commonmark

Python CommonMark parser

nixos-unstable 0.9.1
- nixpkgs-unstable 0.9.1
- nixos-unstable-small 0.9.1
nixos-25.11 0.9.1
- nixos-25.11-small 0.9.1
- nixpkgs-25.11-darwin 0.9.1

pkgs.python314Packages.commonmark

Python CommonMark parser

nixos-unstable 0.9.1
- nixpkgs-unstable 0.9.1
- nixos-unstable-small 0.9.1

pkgs.rubyPackages_3_1.commonmarker

None

pkgs.rubyPackages_3_2.commonmarker

None

pkgs.rubyPackages_3_3.commonmarker

None

nixos-unstable 0.23.12
- nixpkgs-unstable 0.23.12
- nixos-unstable-small 0.23.12
nixos-25.11 0.23.12
- nixos-25.11-small 0.23.12
- nixpkgs-25.11-darwin 0.23.12

pkgs.rubyPackages_3_4.commonmarker

None

nixos-unstable 0.23.12
- nixpkgs-unstable 0.23.12
- nixos-unstable-small 0.23.12
nixos-25.11 0.23.12
- nixos-25.11-small 0.23.12
- nixpkgs-25.11-darwin 0.23.12

pkgs.rubyPackages_4_0.commonmarker

None

nixos-unstable 0.23.12
- nixpkgs-unstable 0.23.12
- nixos-unstable-small 0.23.12
nixos-25.11 0.23.12
- nixos-25.11-small 0.23.12
- nixpkgs-25.11-darwin 0.23.12

pkgs.haskellPackages.commonmark-cli

Command-line commonmark converter and highlighter

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1
nixos-25.11 0.2.1
- nixos-25.11-small 0.2.1
- nixpkgs-25.11-darwin 0.2.1

pkgs.python312Packages.recommonmark

Docutils-compatibility bridge to CommonMark

nixos-25.11 0.7.1
- nixos-25.11-small 0.7.1
- nixpkgs-25.11-darwin 0.7.1

pkgs.python313Packages.recommonmark

Docutils-compatibility bridge to CommonMark

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.11 0.7.1
- nixos-25.11-small 0.7.1
- nixpkgs-25.11-darwin 0.7.1

pkgs.python314Packages.recommonmark

Docutils-compatibility bridge to CommonMark

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1

pkgs.rubyPackages.jekyll-commonmark

None

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.4.0
- nixos-25.11-small 1.4.0
- nixpkgs-25.11-darwin 1.4.0

pkgs.tests.nixosOptionsDoc.commonMark

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.haskellPackages.commonmark-pandoc

Bridge between commonmark and pandoc AST

nixos-unstable 0.2.3
- nixpkgs-unstable 0.2.3
- nixos-unstable-small 0.2.3
nixos-25.11 0.2.3
- nixos-25.11-small 0.2.3
- nixpkgs-25.11-darwin 0.2.3

pkgs.haskellPackages.commonmark-simple

Simple interface to commonmark-hs

nixos-unstable 0.2.0.0
- nixpkgs-unstable 0.2.0.0
- nixos-unstable-small 0.2.0.0
nixos-25.11 0.2.0.0
- nixos-25.11-small 0.2.0.0
- nixpkgs-25.11-darwin 0.2.0.0

pkgs.haskellPackages.commonmark-initial

An initial encoding of the CommonMark language

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.1.0.0
- nixos-25.11-small 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

pkgs.rubyPackages_3_1.jekyll-commonmark

None

pkgs.rubyPackages_3_2.jekyll-commonmark

None

pkgs.rubyPackages_3_3.jekyll-commonmark

None

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.4.0
- nixos-25.11-small 1.4.0
- nixpkgs-25.11-darwin 1.4.0

pkgs.rubyPackages_3_4.jekyll-commonmark

None

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.4.0
- nixos-25.11-small 1.4.0
- nixpkgs-25.11-darwin 1.4.0

pkgs.rubyPackages_4_0.jekyll-commonmark

None

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0
nixos-25.11 1.4.0
- nixos-25.11-small 1.4.0
- nixpkgs-25.11-darwin 1.4.0

pkgs.haskellPackages.commonmark-wikilink

Obsidian-friendly commonmark wikilink parser

nixos-unstable 0.2.0.0
- nixpkgs-unstable 0.2.0.0
- nixos-unstable-small 0.2.0.0
nixos-25.11 0.2.0.0
- nixos-25.11-small 0.2.0.0
- nixpkgs-25.11-darwin 0.2.0.0

pkgs.haskellPackages.commonmark-extensions

Pure Haskell commonmark parser

nixos-unstable 0.2.6
- nixpkgs-unstable 0.2.6
- nixos-unstable-small 0.2.6
nixos-25.11 0.2.6
- nixos-25.11-small 0.2.6
- nixpkgs-25.11-darwin 0.2.6

pkgs.rubyPackages.jekyll-commonmark-ghpages

None

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1
nixos-25.11 0.5.1
- nixos-25.11-small 0.5.1
- nixpkgs-25.11-darwin 0.5.1

pkgs.rubyPackages_3_1.jekyll-commonmark-ghpages

None

pkgs.rubyPackages_3_2.jekyll-commonmark-ghpages

None

pkgs.rubyPackages_3_3.jekyll-commonmark-ghpages

None

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1
nixos-25.11 0.5.1
- nixos-25.11-small 0.5.1
- nixpkgs-25.11-darwin 0.5.1

pkgs.rubyPackages_3_4.jekyll-commonmark-ghpages

None

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1
nixos-25.11 0.5.1
- nixos-25.11-small 0.5.1
- nixpkgs-25.11-darwin 0.5.1

pkgs.rubyPackages_4_0.jekyll-commonmark-ghpages

None

nixos-unstable 0.5.1
- nixpkgs-unstable 0.5.1
- nixos-unstable-small 0.5.1
nixos-25.11 0.5.1
- nixos-25.11-small 0.5.1
- nixpkgs-25.11-darwin 0.5.1

Permalink CVE-2024-22051

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year ago

CommonMarker Integer Overflow Vulnerability

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

References

https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x x_transferredrelated
https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-w… vendor-advisoryx_transferred
https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63… x_transferredpatch
https://github.com/advisories/GHSA-fmx4-26r3-wxpf x_transferredthird-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf x_transferredthird-party-advisory

Affected products

commonmarker

<0.23.4

Matching in nixpkgs

pkgs.rubyPackages.commonmarker

None

nixos-unstable 0.23.10
- nixos-unstable-small 0.23.10

pkgs.rubyPackages_3_1.commonmarker

None

nixos-unstable 0.23.10
- nixpkgs-unstable 0.23.10
- nixos-unstable-small 0.23.10

pkgs.rubyPackages_3_2.commonmarker

None

nixos-unstable 0.23.10
- nixpkgs-unstable 0.23.10
- nixos-unstable-small 0.23.10

pkgs.rubyPackages_3_3.commonmarker

None

nixos-unstable 0.23.10
- nixpkgs-unstable 0.23.10
- nixos-unstable-small 0.23.10

pkgs.rubyPackages_3_4.commonmarker

None

nixos-unstable 0.23.10
- nixpkgs-unstable 0.23.10
- nixos-unstable-small 0.23.10

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.guile-commonmark

pkgs.rubyPackages.commonmarker

pkgs.haskellPackages.commonmark

pkgs.python312Packages.commonmark

pkgs.python313Packages.commonmark

pkgs.python314Packages.commonmark

pkgs.rubyPackages_3_1.commonmarker

pkgs.rubyPackages_3_2.commonmarker

pkgs.rubyPackages_3_3.commonmarker

pkgs.rubyPackages_3_4.commonmarker

pkgs.rubyPackages_4_0.commonmarker

pkgs.haskellPackages.commonmark-cli

pkgs.python312Packages.recommonmark

pkgs.python313Packages.recommonmark

pkgs.python314Packages.recommonmark

pkgs.rubyPackages.jekyll-commonmark

pkgs.tests.nixosOptionsDoc.commonMark

pkgs.haskellPackages.commonmark-pandoc

pkgs.haskellPackages.commonmark-simple

pkgs.haskellPackages.commonmark-initial

pkgs.rubyPackages_3_1.jekyll-commonmark

pkgs.rubyPackages_3_2.jekyll-commonmark

pkgs.rubyPackages_3_3.jekyll-commonmark

pkgs.rubyPackages_3_4.jekyll-commonmark

pkgs.rubyPackages_4_0.jekyll-commonmark

pkgs.haskellPackages.commonmark-wikilink

pkgs.haskellPackages.commonmark-extensions

pkgs.rubyPackages.jekyll-commonmark-ghpages

pkgs.rubyPackages_3_1.jekyll-commonmark-ghpages

pkgs.rubyPackages_3_2.jekyll-commonmark-ghpages

pkgs.rubyPackages_3_3.jekyll-commonmark-ghpages

pkgs.rubyPackages_3_4.jekyll-commonmark-ghpages

pkgs.rubyPackages_4_0.jekyll-commonmark-ghpages

References

Affected products

Matching in nixpkgs

pkgs.rubyPackages.commonmarker

pkgs.rubyPackages_3_1.commonmarker

pkgs.rubyPackages_3_2.commonmarker

pkgs.rubyPackages_3_3.commonmarker

pkgs.rubyPackages_3_4.commonmarker