prismjs
npm: 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting prismjs
- CVE-2020-15138 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 1.21.0 | 2020-08-07
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explore…
- CVE-2021-23341 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.23.0 | 2021-02-18
The package prismjs before 1.23.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.
- CVE-2021-32723 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 1.24.0 | 2021-06-28
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take…
- CVE-2021-3801 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.25.0 | 2021-09-15
Prism is vulnerable to Inefficient Regular Expression Complexity.
- CVE-2022-23647 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.27.0 | 2022-02-18
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escap…
- CVE-2024-53382 | MEDIUM | CVSS 4.9 | EG 4.9 | ✓ Fixed in 1.30.0 | 2025-03-03
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML …