CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Digitalocean: >> Do-Markdownit Security Vulnerabilities

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).

CVSS Score

5.4

EPSS Score

0.0

Published

2025-09-19

Page 1

Vulnerabilities

Vulnerable Software

Digitalocean: >> Do-Markdownit Security Vulnerabilities

Products

Pricing

Contact Us