Inefficient Regular Expression Complexity
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern.
Advisories for Npm/Mathjax package
2023
2018
Cross-site Scripting
MathJax contains a Cross Site Scripting (XSS) vulnerability in the unicode{} macro that can result in potentially untrusted Javascript running within a web browser. The victim must view a page where untrusted content is processed using Mathjax.