Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

league/commonmark

Ecosystem:
packagist
Package URL:
pkg:composer/league/commonmark
Total PRs:
906 Dependabot PRs
Latest PR:
23 days ago
Unique Repositories:
746 repositories
Unique Repos (30 days):
2 repositories
Security Advisories
PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
GHSA-qx76-c53f-5c7q CVE-2018-20583 MODERATE published about 4 years ago • updated about 24 hours ago
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers ...
league/commonmark's quadratic complexity bugs may lead to a denial of service
GHSA-c2pc-g5qf-rfrf HIGH published over 1 year ago • updated 3 months ago
### Impact Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of servi...
CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names
GHSA-4v6x-c7xx-hw9f CVE-2026-30838 MODERATE published 3 months ago • updated about 1 month ago
### Impact The `DisallowedRawHtml` extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed...
league/commonmark has an embed extension allowed_domains bypass
GHSA-hh8v-hgvp-g3f5 CVE-2026-33347 MODERATE published 3 months ago • updated 19 days ago
### Impact The `DomainFilteringAdapter` in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion i...
league/commonmark contains a XSS vulnerability in Attributes extension
GHSA-3527-qv2q-pfvx CVE-2025-46734 MODERATE published about 1 year ago • updated 6 days ago
### Summary Cross-site scripting (XSS) vulnerability in the [Attributes extension](https://commonmark.thephpleague.com/extensions/attributes/) of t...
View all 6 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
Bump league/commonmark from 2.8.1 to 2.8.2

scify/Memor-i-Studio #50

2.8.1 → 2.8.2 Patch PR
Closed about 2 months ago 1 comment
scify
chore(deps): bump league/commonmark from 2.8.0 to 2.8.2

ltac0203-pixel/fleximo-oss #15

2.8.0 → 2.8.2 Patch PR
Open 2 months ago 3 comments
ltac0203-pixel
Bump the composer group across 1 directory with 2 updates

pixelated-au/streamline #12

2.8.0 → 2.8.2 Patch PR
Closed 2 months ago 1 comment
pixelated-au
chore(deps): bump league/commonmark from 2.8.1 to 2.8.2 in /laravel_project

shumasod/laravel_project #195

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
shumasod
Bump league/commonmark from 2.8.0 to 2.8.2

alleyinteractive/wp-component-library #59

2.8.0 → 2.8.2 Patch PR
Open 3 months ago 1 comment
alleyinteractive
build(deps): bump league/commonmark from 2.8.1 to 2.8.2 in /laravel in the composer group across 1 directory

sentry-demos/empower #1371

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
sentry-demos
chore(deps): bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory

bherila/2025-website #90

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 1 comment
bherila
chore(deps): bump league/commonmark from 2.8.1 to 2.8.2

UN-OCHA/rwint9-site #1375

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 2 comments
UN-OCHA
Bump league/commonmark from 2.8.1 to 2.8.2

AkibaAT/fvn.li #212

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 1 comment
AkibaAT
Bump league/commonmark from 2.8.1 to 2.8.2 in /drupal

vrk-kpa/opendata #3132

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
vrk-kpa
Bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory

GuilhermeStracini/POC-GHActions-CI-PHPLaravel #411

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 7 comments
GuilhermeStracini
(chore): Bump league/commonmark from 2.8.1 to 2.8.2

yardinternet/wp-live-content #14

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
yardinternet
chore(deps): bump league/commonmark from 2.8.1 to 2.8.2

David-Crty/databasement #180

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
David-Crty
chore(deps): bump league/commonmark from 2.8.0 to 2.8.2 in /minimal-templates/laravel

yuuu-takahashi/starter-templates #47

2.8.0 → 2.8.2 Patch PR
Closed 3 months ago 1 comment
yuuu-takahashi
chore(deps): bump league/commonmark from 2.8.1 to 2.8.2

marcelorodrigo/freshguard #231

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 2 comments
marcelorodrigo
Bump league/commonmark from 2.8.1 to 2.8.2

invoiceninja/invoiceninja #11805

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
invoiceninja
Bump league/commonmark from 2.8.1 to 2.8.2

128na/simutrans-portal #483

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 1 comment
128na
Bump league/commonmark from 2.8.1 to 2.8.2

jstanden/cerb #1866

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
jstanden
Bump league/commonmark from 2.8.1 to 2.8.2

CCSDForge/episciences #957

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
CCSDForge
chore(deps): bump league/commonmark from 2.8.1 to 2.8.2

waynestate/base-site #909

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
waynestate
(chore): Bump league/commonmark from 2.8.1 to 2.8.2

yardinternet/wp-webmanifest #54

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
yardinternet
Bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory

scify/Talk-And-Play-Marketplace #51

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
scify
build(deps): bump league/commonmark from 2.8.1 to 2.8.2

bakaphp/kanvas-ecosystem-api #8815

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 1 comment
bakaphp
chore(deps): bump league/commonmark from 2.8.1 to 2.8.2

lanedirt/OGameX #1302

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
lanedirt
build(deps): bump league/commonmark from 2.8.1 to 2.8.2

nasirkhan/laravel-starter #760

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
nasirkhan
(chore): Bump league/commonmark from 2.8.1 to 2.8.2

yardinternet/brave-components #31

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
yardinternet
Chore(deps): Bump league/commonmark from 2.8.1 to 2.8.2

metanull/inventory-app #617

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 1 comment
metanull
Build(deps): Bump league/commonmark from 2.8.1 to 2.8.2

THM-Health/PILOS #2947

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
THM-Health
chore(deps): bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory

SecPal/api #611

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
SecPal
(chore): Bump league/commonmark from 2.8.1 to 2.8.2

yardinternet/wp-block-registrar #24

2.8.1 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
yardinternet
chore(deps): bump league/commonmark from 2.8.0 to 2.8.2

LennyObez/pulsar-framework #388

2.8.0 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
LennyObez
Bump league/commonmark from 2.8.0 to 2.8.2

benbarden/switchscores #179

2.8.0 → 2.8.2 Patch PR
Closed 3 months ago 1 comment
benbarden
Bump league/commonmark from 2.8.0 to 2.8.2

codebar-ag/laravel-event-logs #8

2.8.0 → 2.8.2 Patch PR
Closed 3 months ago 1 comment
codebar-ag
chore(deps): bump league/commonmark from 2.8.0 to 2.8.2 in /webapp

P3chys/Entoo2 #103

2.8.0 → 2.8.2 Patch PR
Open 3 months ago 2 comments
P3chys
chore(deps): bump league/commonmark from 2.8.0 to 2.8.2

neontribe/ARCVService #852

2.8.0 → 2.8.2 Patch PR
Closed 3 months ago 2 comments
neontribe
Bump league/commonmark from 2.8.0 to 2.8.2 in /imageViewer

mkaraki/IllustStore #232

2.8.0 → 2.8.2 Patch PR
Open 3 months ago 2 comments
mkaraki
build(deps): Bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory

canyongbs/advisingapp #2381

2.8.1 → 2.8.2 Patch PR
Open 3 months ago 1 comment
canyongbs
chore(deps): bump league/commonmark from 2.8.0 to 2.8.1 in /laravel_project

shumasod/laravel_project #168

2.8.0 → 2.8.1 Patch PR
Open 3 months ago 1 comment
shumasod
Bump league/commonmark from 2.8.0 to 2.8.1

alleyinteractive/wp-component-library #58

2.8.0 → 2.8.1 Patch PR
Open 3 months ago 1 comment
alleyinteractive
build(deps): bump league/commonmark from 2.8.0 to 2.8.1 in the composer group across 1 directory

qenex-ai/coolify #35

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
qenex-ai
Bump league/commonmark from 2.8.0 to 2.8.1

OpenSID/OpenDK #1479

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
OpenSID
Bump league/commonmark from 2.8.0 to 2.8.1

raydanielg/emarking #8

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
raydanielg
Bump league/commonmark from 2.8.0 to 2.8.1 in /my-app

supuna97/Laravel-repository-pattern #6

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
supuna97
build(deps): bump league/commonmark from 2.8.0 to 2.8.1 in /backend

Biguelini/mealflow #15

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
Biguelini
build(deps): bump league/commonmark from 2.8.0 to 2.8.1

e5vos/e5vosdosite #528

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
e5vos
Bump league/commonmark from 2.8.0 to 2.8.1 in the composer group across 1 directory

GuilhermeStracini/POC-GHActions-CI-PHPLaravel #400

2.8.0 → 2.8.1 Patch PR
Open 3 months ago 6 comments
GuilhermeStracini
Bump league/commonmark from 2.8.0 to 2.8.1

shikorism/tissue #1674

2.8.0 → 2.8.1 Patch PR
Open 3 months ago 1 comment
shikorism
chore(deps): bump league/commonmark from 2.8.0 to 2.8.1 in the composer group across 1 directory

dfo-osdt/osp #1453

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
dfo-osdt
build(deps): bump league/commonmark from 2.8.0 to 2.8.1

iurygdeoliveira/labSIS-KIT #10

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
iurygdeoliveira
Bump league/commonmark from 2.8.0 to 2.8.1

invokable/adsense-project #28

2.8.0 → 2.8.1 Patch PR
Closed 3 months ago 1 comment
invokable
Package Details
Name: league/commonmark
Ecosystem: packagist
PURL Type: composer
Package URL: pkg:composer/league/commonmark
JSON API: View JSON
Security Advisories

6

Active advisories
HIGH 1
MODERATE 5
View All composer Advisories
Package Information
Description:

Highly-extensible PHP Markdown parser which fully supports the CommonMark spec and GitHub-Flavored Markdown (GFM)

Repository: https://github.com/thephpleague/commonmark
Homepage: https://commonmark.thephpleague.com
Latest Release: 2.7.0
about 1 year ago
Dependent Repos: 238,335
Dependent Packages: 477
Downloads: 320,012,534
Ranking: Top 0.0215% by dependent repos Top 0.0298% by downloads Top 0.0814% by dependent pkgs
PR Status
Open 291 (32.1%)
Merged 264 (29.1%)
Closed 271 (29.9%)
PR Types
Major 6 (0.7%)
Minor 696 (76.8%)
Patch 123 (13.6%)