any2htpy (=0.1.4), article-extractor (=0.5.8) +1 more potentially affected by unknown CVE via justhtml (>=0.35.0 <=1.14.0)

justhtml PYPI version =0.35.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-R8CJ-3554-33MR...

article-extractor (=0.5.8), nscraper (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via justhtml (>=1.13.0 <=1.14.0)

justhtml PYPI version =1.13.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-16318347...

any2htpy (=0.1.4), article-extractor (=0.5.8) +1 more potentially affected by unknown CVE via justhtml (>=0.35.0 <=1.14.0)

justhtml PYPI version =0.35.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-VRX2-77F2-WW34...

article-extractor (=0.5.8), nscraper (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via justhtml (>=1.13.0 <=1.14.0)

justhtml PYPI version =1.13.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-16032358...

article-extractor (=0.5.8) potentially affected by unknown CVE via justhtml (=1.13.0)

justhtml PYPI version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on justhtml and may be impacted: - article-extractor =0.5.8 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-15928878...

GHSA-5VP3-3CG6-2RQ3 JustHTML is vulnerable to XSS via code fence breakout in <pre> content

Summary tomarkdown is vulnerable when serializing attacker-controlled content. The handler emits a fixed three-backtick fenced code block, but writes decoded text content into that fence without choosing a delimiter longer than any backtick run inside the content. An attacker can place backticks...