Álvaro Mondéjar Rubio

2 exploits Active since Aug 2025

CVE-2024-48908 WRITEUP MEDIUM WRITEUP

lycheeverse/lychee-action < 2.0.2 - Code Injection via lychee-setup in action.yml

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2.

View Code

CVE-2025-59940 WRITEUP MEDIUM WRITEUP

mkdocs-include-markdown-plugin < 7.1.8 - Improper Input Validation

mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.

CVSS 6.5

View Code