536 matches found

OSV
added 2025/05/23 3:31 p.m., 0 views

GHSA-P9WX-2529-FP83 Marked allows Regular Expression Denial of Service (ReDoS) attacks

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...

CVSS 6.9, AI score 5.9, EPSS 0.00774
Exploits: 1, References: 6

RedhatCVE
added 2025/05/23 12:0 p.m., 4 views

CVE-2025-24673

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ketchup Shortcodes ketchup-shortcodes-pack allows Stored XSS. This issue affects Ketchup Shortcodes: from n/a through = 0.1.2...

CVSS 6.5, AI score 7.2, EPSS 0.00196
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 5:31 a.m., 3 views

CVE-2023-29110

The SAP Application Interface Message Dashboard - versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker...

CVSS 5.4, AI score 6.7, EPSS 0.00404
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:34 a.m., 5 views

CVE-2023-45053

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection. This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through 1.3.3...

CVSS 4.3, AI score 6.8, EPSS 0.00236
Exploits: 0

RedhatCVE
added 2025/05/23 3:57 a.m., 7 views

CVE-2023-46310

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection. This issue affects wpDiscuz: from n/a through 7.6.10...

CVSS 6.1, AI score 6.9, EPSS 0.00237
Exploits: 0

RedhatCVE
added 2025/05/23 1:58 a.m., 5 views

CVE-2023-47663

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Menno Luitjes Foyer allows Code Injection. This issue affects Foyer: from n/a through 1.7.5...

CVSS 4.6, AI score 6.8, EPSS 0.00183
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:23 p.m., 5 views

CVE-2021-29503

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 8.1, AI score 6, EPSS 0.02049
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:56 p.m., 3 views

CVE-2021-28121

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field...

CVSS 9.8, AI score 7.2, EPSS 0.00976
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 3:25 p.m., 4 views

CVE-2020-27511

An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDoS) through stripping crafted HTML tags...

CVSS 7.5, AI score 6.5, EPSS 0.01186
Exploits: 1

Tenable Nessus
added 2025/05/13 12:0 a.m., 6 views

Python Library Django 4.2.x < 4.2.21 / 5.1.x < 5.1.9 / 5.2.x < 5.2.1 DoS

The detected version of the Django Python package, Django, is 4.2.x prior to 4.2.21 or 5.1.x prior to 5.1.9 or 5.2.x prior to 5.2.1. It is, therefore, affected by a denial of service vulnerability as disclosed in Django's May 7th 2025 security advisory. The django.utils.html.strip_tags function is...

CVSS 5.3, AI score 6.6, EPSS 0.00188
Exploits: 0, References: 2

OSV
added 2025/05/11 4:42 a.m., 3 views

MGASA-2025-0153 Updated python-django packages fix security vulnerability

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3, AI score 7.7, EPSS 0.00188
Exploits: 0, References: 3

OSV
added 2025/05/08 4:17 a.m., 2 views

PYSEC-2025-37

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3, AI score 6.8, EPSS 0.00188
Exploits: 0, References: 5

OSV
added 2025/05/08 4:17 a.m., 5 views

CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3, AI score 6.4
Exploits: 0, References: 4

Cvelist
added 2025/05/08 12:0 a.m., 12 views

CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3, EPSS 0.00188
Exploits: 0, References: 3

Vulnrichment
added 2025/05/08 12:0 a.m., 7 views

CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3, AI score 5.1, EPSS 0.00188
Exploits: 0, References: 3

CVE
added 2025/05/08 12:0 a.m., 210 views

CVE-2025-32873

CVE-2025-32873 affects Django: vulnerable in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The issue is in django.utils.html.strip_tags(), which can be exploited to cause a denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTM...

CVSS 5.3, AI score 5.1, EPSS 0.00188
Exploits: 0, References: 4, Affected Software: 1

Ubuntu
added 2025/05/07 3:22 p.m., 12 views

USN-7501-1: Django vulnerability

Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...

CVSS 5.3, AI score 6.8, EPSS 0.00188
Exploits: 0

Positive Technologies
added 2025/05/07 12:0 a.m., 3 views

PT-2025-20317 · Django +5 · Django +5

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.20; Django versions 5.1 through 5.1.8; Django versions 5.2 through 5.2.0. Description: An issue was discovered in Django, where the django.utils.html.strip_tags function is vulnerable to a potential...

CVSS 7.5, AI score 6.7, EPSS 0.0297
Exploits: 0, References: 61

Veracode
added 2025/05/06 1:31 p.m., 8 views

Denial Of Service (DoS)

python-markdownify is vulnerable to Denial Of Service (DoS). The vulnerability is due to memory exhaustion due to handling excessively large HTML headline tags like , which consume significant memory during processing...

CVSS 3.3, AI score 6.8, EPSS 0.00106
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/04/13 4:36 p.m., 19 views

CVE-2025-32073

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows Cross-Site Scripting (XSS). This issue affects Mediawiki - HTML Tags: from 1.39 through 1.43...

CVSS 10, AI score 6.4, EPSS 0.00342
Exploits: 0, References: 4