npm/katex — 5 CVEs

MEDIUM6.5CVE-2024-28244KaTeX's maxExpand bypassed by Unicode sub/superscripts

>= 0.15.4, < 0.16.10

MEDIUM6.5CVE-2024-28243KaTeX's maxExpand bypassed by `\edef`

>= 0.12.0, < 0.16.10

MEDIUM6.3CVE-2025-23207KaTeX \htmlData does not validate attribute names

>= 0.12.0, < 0.16.21

MEDIUM6.3CVE-2024-28245KaTeX's `\includegraphics` does not escape filename

>= 0.11.0, < 0.16.10

MEDIUM5.5KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols

>= 0.11.0, < 0.16.10

pkg:npm/katex