Advisories for Npm/Marky-Markdown package

All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. ## Recommendation This package is no longer maintained. Please upgrade to @npmcorp/marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This This package is no longer maintained. Please upgrade to @npmcorp/marky-markdown