CVE-2021-28796: Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.
mediumvulnerability
Increments Qiita::Markdown before version 0.33.0 contains an XSS vulnerability (cross-site scripting, where attackers can inject malicious code into web pages) in its transformers component. The vulnerability is classified as CWE-79 (improper neutralization of input during web page generation).
Update to Qiita::Markdown version 0.33.0 or later. Details of the fix are available in the patch release notes at https://github.com/increments/qiita-markdown/compare/v0.32.0...v0.33.0.
6.1(medium)
EPSS: 0.2%
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
GHSA-w3hv-x4fp-6h6j: @grackle-ai/server has Missing WebSocket Origin Header Validation
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
GHSA-5h3f-885m-v22w: OpenClaw: Existing WS sessions survive shared gateway token rotation
CVE-2024-35199: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-28796
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 72%