{"package":"github.com/gomarkdown/markdown","ecosystem":"go","latest_version":"v0.0.0-20260417124207-7d523f7318df","description":"markdown parser and HTML renderer for Go","license":"BSD-2-Clause","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/gomarkdown/markdown","repository":"https://github.com/gomarkdown/markdown","downloads_weekly":1699,"health":{"score":63,"risk":"moderate","breakdown":{"maintenance":25,"popularity":6,"security":13,"maturity":9,"community":10},"deprecated":false,"max_score":100},"vulnerabilities":{"count":5,"critical":0,"high":2,"medium":1,"low":2,"details":[{"vuln_id":"CVE-2026-40890","severity":"high","summary":"Go Markdown has an Out-of-bounds Read in SmartypantsRenderer","affected_versions":"<0.0.0-20260411013819-759bbc3e3207","fixed_version":"0.0.0-20260411013819-759bbc3e3207","source":"osv","published_at":"2026-04-14T22:38:20Z","in_kev":false,"epss_prob":0.0005,"epss_percentile":0.15268,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-42821","severity":"high","summary":"Markdown vulnerable to Out-of-bounds Read while parsing citations","affected_versions":"<0.0.0-20230922105210-14b16010c2ee","fixed_version":"0.0.0-20230922105210-14b16010c2ee","source":"osv","published_at":"2023-09-22T19:59:49Z","in_kev":false,"epss_prob":0.00483,"epss_percentile":0.65233,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-44337","severity":"medium","summary":"Infinite loop in github.com/gomarkdown/markdown","affected_versions":"<0.0.0-20240729212818-a2a9c4f76ef5","fixed_version":"0.0.0-20240729212818-a2a9c4f76ef5","source":"osv","published_at":"2024-10-15T21:30:39Z","in_kev":false,"epss_prob":0.04042,"epss_percentile":0.88541,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-42821","severity":"unknown","summary":"Parser out-of-bounds read caused by a malformed markdown input in github.com/gomarkdown/markdown","affected_versions":"<0.0.0-20230922105210-14b16010c2ee","fixed_version":"0.0.0-20230922105210-14b16010c2ee","source":"osv","published_at":"2023-09-22T22:04:21Z","in_kev":false,"epss_prob":0.00483,"epss_percentile":0.65233,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-44337","severity":"unknown","summary":"Infinite loop in github.com/gomarkdown/markdown","affected_versions":"<0.0.0-20240729212818-a2a9c4f76ef5","fixed_version":"0.0.0-20240729212818-a2a9c4f76ef5","source":"osv","published_at":"2024-12-12T15:16:09Z","in_kev":false,"epss_prob":0.04042,"epss_percentile":0.88541,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v0.0.0-20260417124207-7d523f7318df","total_count":0,"recent":[]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":96,"first_published":null,"last_published":"2026-04-17T12:42:07Z","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":1705,"forks":188,"open_issues":22,"is_archived":false,"pushed_at":"2026-04-17T12:42:08Z","subscribers_count":14},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["2 high severity vulnerabilities"],"use_version":"v0.0.0-20260417124207-7d523f7318df","version_hint":"Update to >= 0.0.0-20240729212818-a2a9c4f76ef5 to fix known vulnerabilities","summary":"github.com/gomarkdown/markdown@v0.0.0-20260417124207-7d523f7318df has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":869,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":1,"first_release_age_days":null,"last_release_days_ago":14,"avg_days_between_releases":null,"release_velocity":"active"}}