This page aggregates publicly disclosed CVE and security risk information related to digitalocean, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-59717 | In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array). | [email protected] | 5.4 | 0.05% | 2025-09-19 | 2025-10-08 |
| CVE-2020-36569 | Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token. | [email protected] | 9.1 | 0.36% | 2022-12-27 | 2025-04-11 |