python-markdown: denial of service via malformed HTML-like sequences
A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...
firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...
SUSE-SU-2026:0580-1 Security update for apptainer
This update for apptainer fixes the following issues: - CVE-2025-58190: Fixed a HTML parser misimplementation of a part of the HTML specification for table related tags. bsc1258048. - CVE-2025-47911: Fixed an issue where the HTML parser takes a very long time or even never returns. bsc1258047...
Infinite loop
Overview: golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Infinite loop via the html.Parse function. An attacker can cause resource exhaustion and disrupt service availability by submitting specially...
Inefficient Algorithmic Complexity
Overview: golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the html.Parse function due to quadratic parsing complexity when processing certain inputs, which can lea...
PT-2026-21708
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 115.33; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8. Description: A mitigation bypass exists in the DOM: HTML Parser...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2529)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...
Security update for python3
This update for python3 fixes the following issues: CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc1244705). CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc1247249). Other fixes: - Limit...
SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2025:02767-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02767-1 advisory. - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc1247249. -...
BIT-LIBPYTHON-2025-6069 HTMLParser quadratic complexity when processing malformed inputs
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters filter="data...
HTMLParser quadratic complexity when processing malformed inputs
...
Security update for python39
This update for python39 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...
Phusion Passenger Security Vulnerability
Phusion Passenger is a fast and powerful web server and application server from Phusion Open Source. A security vulnerability exists in Phusion Passenger versions 6.0.21 through 6.0.25 that originates in a denial of service when the HTTP parser resolves an invalid HTTP method...
SUSE CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
VulnCheck KEV: CVE-2023-32435
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...
SUSE CVE-2008-5712
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-451...
SUSE CVE-2022-0801
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. Chrome security severity: Medium...
DEBIAN-CVE-2022-1498
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2022-1498
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...