Lucene search
K

300 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.16 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...

6.1CVSS5.7AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/25 10:48 a.m.13 views

CVE-2026-33079

A flaw was found in Mistune, a Markdown parser. This vulnerability, known as Regular Expression Denial of Service ReDoS, exists in the LINKTITLERE regular expression. A remote attacker can exploit this by providing specially crafted Markdown input, which causes the regular expression engine to...

8.7CVSS5.8AI score0.00481EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.10 views

CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1

CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.11 views

CVE-2026-44708 affecting package python-mistune for versions less than 3.2.1-1

CVE-2026-44708 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.9 views

CVE-2026-44896 affecting package python-mistune for versions less than 3.2.1-1

CVE-2026-44896 affecting package python-mistune for versions less than 3.2.1-1. An upgraded version of the package is available that resolves this issue...

6.1CVSS5.8AI score0.00198EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.17 views

CVE-2026-44899 affecting package python-mistune for versions less than 3.2.1-1

CVE-2026-44899 affecting package python-mistune for versions less than 3.2.1-1. An upgraded version of the package is available that resolves this issue...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.10 views

CVE-2026-44897 affecting package python-mistune for versions less than 3.2.1-1

CVE-2026-44897 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.6 views

CVE-2026-33079 affecting package python-mistune for versions less than 3.2.1-1

CVE-2026-33079 affecting package python-mistune for versions less than 3.2.1-1. An upgraded version of the package is available that resolves this issue...

8.7CVSS5.8AI score0.00481EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/14 4:36 p.m.5 views

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +137 more potentially affected by CVE-2026-44899 via mistune (>=3.0.0 <=3.2.0)

mistune PYPI version =3.0.0, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44899 Source advisory: SNYK:PYTHON-MISTUNE-16697357...

6.1CVSS5.7AI score0.00228EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 4:36 p.m.15 views

fittrackee (>=1.2.0 <=1.3.0b3), mein-et-projekt (=0.1.0) +2 more potentially affected by CVE-2026-44899 via mistune (=3.2.0)

mistune PYPI version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on mistune and may be impacted: - fittrackee =1.2.0, =2.19.0, =2.20.4 - uniovi-simur-wearablepermed-pipeline-step-counting =1.2.3 Source cves: CVE-2026-44899 Source advisory:...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 4:36 p.m.8 views

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +137 more potentially affected by CVE-2026-44898 via mistune (>=3.0.0 <=3.2.0)

mistune PYPI version =3.0.0, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44898 Source advisory: SNYK:PYTHON-MISTUNE-16697348...

6.1CVSS5.7AI score0.00228EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/14 4:36 p.m.9 views

fittrackee (>=1.2.0 <=1.3.0b3), mein-et-projekt (=0.1.0) +2 more potentially affected by CVE-2026-44898 via mistune (=3.2.0)

mistune PYPI version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on mistune and may be impacted: - fittrackee =1.2.0, =2.19.0, =2.20.4 - uniovi-simur-wearablepermed-pipeline-step-counting =1.2.3 Source cves: CVE-2026-44898 Source advisory:...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/14 4:36 p.m.10 views

Mistune TOC Anchor Injection XSS

Summary rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs...

6.1CVSS6AI score0.00228EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/14 4:36 p.m.4 views

GHSA-6269-CQXG-MHHV Mistune TOC Anchor Injection XSS

Summary rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs...

6.1CVSS6AI score0.00228EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41147

Name of the Vulnerable Software and Affected Versions mistune affected versions not specified Description The Image directive plugin fails to properly validate the :width: and :height: options. The validation uses a regular expression that only checks if the value starts with a digit, rather than...

4.7CVSS5.9AI score0.00228EPSS
Exploits1References6
Circl
Circl
added 2026/05/12 6:7 a.m.10 views

CVE-2026-44898

creationtimestamp| type| source ---|---|--- 2026-05-12 06:07:08+00:00| published-proof-of-concept| https://github.com/lepture/mistune/security/advisories/GHSA-6269-cqxg-mhhv...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2026/05/12 12:0 a.m.3 views

OPENSUSE-SU-2026:10761-1 python311-mistune-3.2.1-1.1 on GA media

These are all security issues fixed in the python311-mistune-3.2.1-1.1 package on the GA media of openSUSE Tumbleweed...

8.7CVSS5.8AI score0.00481EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2026/05/10 8:3 a.m.19 views

Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

...

8.7CVSS5.8AI score0.00481EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/09 12:13 a.m.6 views

a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +702 more potentially affected by CVE-2026-44897 via mistune (>=0.7.3 <=3.2.0)

mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44897 Source advisory: OSV:GHSA-V87V-83H2-53W7...

6.1CVSS5.7AI score0.00228EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/09 12:13 a.m.11 views

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +136 more potentially affected by CVE-2026-44897 via mistune (>=3.0.0rc5 <=3.2.0)

mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44897 Source advisory: SNYK:PYTHON-MISTUNE-16624520...

6.1CVSS5.7AI score0.00228EPSS
Exploits1
Rows per page
Query Builder