| CVE-2026-33079 |
high |
— |
8.0 |
|
|
|
23d ago |
Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input |
| CVE-2026-44897 |
medium |
6.1 |
6.1 |
|
|
|
3d ago |
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTM… |
| CVE-2026-44708 |
medium |
6.1 |
6.1 |
|
|
|
3d ago |
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied con… |
| CVE-2026-44899 |
medium |
6.1 |
6.1 |
|
|
|
3d ago |
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^… |
| CVE-2026-44896 |
medium |
6.1 |
6.1 |
|
|
|
3d ago |
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options direc… |
| CVE-2026-44898 |
medium |
6.1 |
6.1 |
|
|
|
15d ago |
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used a… |