{"id":"GO-2026-5320","summary":"Cross-site Scripting (XSS) in github.com/yuin/goldmark","details":"Cross-site Scripting (XSS) in github.com/yuin/goldmark","aliases":["CVE-2026-5160","GHSA-c97m-vxhj-p7j6"],"modified":"2026-07-07T20:30:13.593934400Z","published":"2026-07-07T16:52:19Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-5320"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-c97m-vxhj-p7j6"},{"type":"FIX","url":"https://github.com/yuin/goldmark/commit/cb46bbc4eca29d55aa9721e04ad207c23ccc44f9"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMYUINGOLDMARKRENDERERHTML-15838406"}],"affected":[{"package":{"name":"github.com/yuin/goldmark","ecosystem":"Go","purl":"pkg:golang/github.com/yuin/goldmark"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.7.17"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/yuin/goldmark/renderer/html","symbols":["Renderer.renderAutoLink","Renderer.renderImage","Renderer.renderLink"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-5320.json"}}],"schema_version":"1.7.5"}