Package: r-cran-commonmark Severity: important Tags: security This was assigned CVE-2020-5238 https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85 https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 And r-cran-commonmark seems to embed a copy of cmark-gfm. Cheers, Moritz