Aggregates CVE and security vulnerability intelligence across all caret-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-42967 | Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution. | [email protected] | 7.5 | 0.39% | 2023-01-11 | 2024-11-21 |
| CVE-2020-20269 | A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22. | [email protected] | 9.8 | 4.33% | 2021-01-26 | 2024-11-21 |
| CVE-2019-9927 | Caret before 2019-02-22 allows Remote Code Execution. | [email protected] | 9.8 | 8.74% | 2019-03-22 | 2024-11-21 |