[MEDIUM] league/commonmark contains a XSS vulnerability in Attributes extension

PKSA-rqc2-tcc6-nc79 CVE-2025-46734 GHSA-3527-qv2q-pfvx

Affected version: <2.7.0

Reported by:
GitHub

[HIGH] league/commonmark's quadratic complexity bugs may lead to a denial of service

PKSA-fndg-qryc-dyc9 GHSA-c2pc-g5qf-rfrf

Affected version: <2.6.0

Reported by:
GitHub