Search CVE reports


1 – 5 of 5 results


CVE-2025-23207

Medium priority
Fixed

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs...

1 affected package

node-katex

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-katex | Fixed | Fixed | Not affected | Not affected |

CVE-2024-28246

Medium priority

Some fixes available 1 of 2

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use...

1 affected package

node-katex

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-katex | Not affected | Fixed | Not affected | Not affected |

CVE-2024-28245

Medium priority

Some fixes available 1 of 2

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate...

1 affected package

node-katex

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-katex | Not affected | Fixed | Not affected | Not affected |

CVE-2024-28244

Medium priority
Ignored

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite...

1 affected package

node-katex

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-katex | Not affected | Not affected | Not affected | Not affected |

CVE-2024-28243

Medium priority

Some fixes available 1 of 2

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand`...

1 affected package

node-katex

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-katex | Not affected | Fixed | Not affected | Not affected |