marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
CVSS Metrics
