Thephpleague Vulnerabilities
Comprehensive security vulnerability database for Thephpleague products
1
0
1
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-30838 | 5.1 | This vulnerability allows an attacker to inject malicious HTML, like a script tag, into applications that use a specific Markdown parser to handle user input, potentially leading to cross-site scripting (XSS) attacks. It can be exploited by cleverly inserting whitespace in disallowed HTML tags, and it affects any application relying on the parser's built-in sanitization without additional protections. | thephpleaguecommonmark | Exploit Available | about 1 month agoMar 7, 2026 |
About Thephpleague Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Thephpleague products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.