@ckeditor/ckeditor5-markdown-gfm is vulnerable to cross-site scripting. An attacker can inject and execute a malicious javascript if the library uses an unsafe markup configuration inside the editor, initializes the editor on an element that uses an element other than `` as a base, or destroys the editor instance.