| CVE-2026-33079 | high | — | 8.0 | | | | 23d ago | Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input |
| CVE-2026-44897 | medium | 6.1 | 6.1 | | | | 3d ago | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTM… |
| CVE-2026-44708 | medium | 6.1 | 6.1 | | | | 3d ago | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied con… |
| CVE-2026-44899 | medium | 6.1 | 6.1 | | | | 3d ago | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^… |
| CVE-2026-44896 | medium | 6.1 | 6.1 | | | | 3d ago | Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options direc… |
| CVE-2026-44898 | medium | 6.1 | 6.1 | | | | 15d ago | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used a… |
| CVE-2017-16876 | medium | 6.1 | 6.1 | | | | 9y ago | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape t… |
| CVE-2017-15612 | medium | 6.1 | 6.1 | | | | 9y ago | mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. |
| CVE-2026-33441 | unknown | — | — | | | | 23d ago | Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input |
| CVE-2022-34749 | unknown | — | — | | | | 4y ago | In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named ca… |