HyperDown vulnerable to Cross-site Scripting
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well.
Advisories for Composer/Joyqi/Hyper-Down package
2022