| CVE-2026-44897 |
medium |
6.1 |
6.1 |
|
|
|
3d ago |
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTM… |
| CVE-2026-44708 |
medium |
6.1 |
6.1 |
|
|
|
4d ago |
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied con… |
| CVE-2026-44899 |
medium |
6.1 |
6.1 |
|
|
|
4d ago |
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^… |
| CVE-2026-44896 |
medium |
6.1 |
6.1 |
|
|
|
4d ago |
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options direc… |
| CVE-2026-44898 |
medium |
6.1 |
6.1 |
|
|
|
16d ago |
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used a… |
| CVE-2017-16876 |
medium |
6.1 |
6.1 |
|
|
|
9y ago |
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape t… |
| CVE-2017-15612 |
medium |
6.1 |
6.1 |
|
|
|
9y ago |
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. |