mXSS in ammonia via MathML `annotation-xml` encoding strip
If a certain set of MathML tags are enabled, an attacker can inject arbitrary JavaScript code into the user's browser. The annotation-xml tag has slightly different behavior than the other "integration point" tags in MathML and SVG, but ammonia didn't handle it, so it didn't correctly strip the...
RUSTSEC-2026-0193 mXSS in ammonia via MathML `annotation-xml` encoding strip
If a certain set of MathML tags are enabled, an attacker can inject arbitrary JavaScript code into the user's browser. The annotation-xml tag has slightly different behavior than the other "integration point" tags in MathML and SVG, but ammonia didn't handle it, so it didn't correctly strip the...
Fedora: Security Advisory (FEDORA-2025-074aba6ad4)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EUVD-2021-1568
Malware in sbrugna...
EUVD-2021-1575
Malware in sbrugna...
EUVD-2025-30825
Malicious code in bioql PyPI...
Fedora: Security Advisory (FEDORA-2025-1be5992b52)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-7ec84ba6e9)
The remote host is missing an update for the...
[SECURITY] Fedora 41 Update: rust-ammonia-3.3.1-1.fc41
HTML Sanitization...
[SECURITY] Fedora 41 Update: python-nh3-0.2.15-7.fc41
Python binding to Ammonia HTML sanitizer Rust crate...
[SECURITY] Fedora 42 Update: python-nh3-0.2.21-2.fc42
Python binding to Ammonia HTML sanitizer Rust crate...
[SECURITY] Fedora 42 Update: rust-ammonia-4.0.1-1.fc42
HTML Sanitization...
[SECURITY] Fedora 43 Update: rust-ammonia-4.1.2-1.fc43
HTML Sanitization...
[SECURITY] Fedora 43 Update: python-nh3-0.2.21-8.fc43
Python binding to Ammonia HTML sanitizer Rust crate...
Fedora 42 : python-nh3 / rust-ammonia (2025-7ec84ba6e9)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-7ec84ba6e9 advisory. Update the ammonia crate to version 4.0.1 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...
Fedora 41 : python-nh3 / rust-ammonia (2025-1be5992b52)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-1be5992b52 advisory. Update the ammonia crate to version 3.3.1 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...
Fedora 43 : python-nh3 / rust-ammonia (2025-074aba6ad4)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-074aba6ad4 advisory. Update the ammonia crate to version 4.1.2 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...
Cross-site Scripting (XSS)
Overview: ammonia is a whitelist-based HTML sanitization library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the cleaning process when handling embedded svg or math tags. An attacker can execute arbitrary scripts in the context of the affected application by...
GHSA-MM7X-QFJJ-5G2C Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal
Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...
fluminurs (>=0.1.1 <=0.1.6), html2pango (>=0.2.0 <=0.3.2) +3 more potentially affected by unknown CVE via ammonia (>=2.1.4 <=3.1.4)
ammonia CARGO version =2.1.4, =0.1.1, =0.2.0, =0.3.0, =0.3.1 - telereads =0.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-MM7X-QFJJ-5G2C...