Advisories for Npm/Showdown package

Showdownjs, versions <= 2.1.0, anchors subparser used to parse links has a nested regular expression which can lead to denial of service conditions given malicious input.

Versions of showdown are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.