5 matches found

OSV
added 2026/05/26 9:16 p.m., 2 views

UBUNTU-CVE-2026-44896

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

CVSS 6.1, AI score 5.2, EPSS 0.00032
Exploits: 0, References: 3

NVD
added 2026/05/06 6:16 p.m., 6 views

CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

CVSS 8.7, EPSS 0.00022
Exploits: 0, References: 2

OSV
added 2026/05/06 4:52 p.m., 1 views

GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Summary: A ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...

CVSS 8.7, AI score 6, EPSS 0.00022
Exploits: 0, References: 4

CNNVD
added 2026/05/06 12:0 a.m., 8 views

mistune security vulnerability

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune from 3.0.0a1 to 3.2.0 contain security vulnerabilities. These vulnerabilities stem from a denial-of-service attack involving regular expressions in LINK_TITLE_RE, which could allow attackers to...

CVSS 8.7, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 2

vulnersOsv
added 2022/05/17 12:26 a.m., 2 views

biobb-io (>=0.0.1 <=0.0.8), biobb-model (>=0.0.1 <=0.0.10) +6 more potentially affected by CVE-2017-15612 via mistune (>=0.7.3 <=0.7.4)

mistune PYPI version =0.7.3, =0.0.1, =0.0.1, =0.0.6, =0.2.1, =2.2.20170208112505, =0.1.0, =0.1.2, =0.3.2 Source cves: CVE-2017-15612 Source advisory: OSV:GHSA-HPV5-V8G5-C864...

CVSS 6.1, AI score 6.3, EPSS 0.00116
Exploits: 1