300 matches found
mistune 跨站脚本漏洞
Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...
CVE-2026-33079
A flaw was found in Mistune, a Markdown parser. This vulnerability, known as Regular Expression Denial of Service ReDoS, exists in the LINKTITLERE regular expression. A remote attacker can exploit this by providing specially crafted Markdown input, which causes the regular expression engine to...
CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...
CVE-2026-44708 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-44708 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...
CVE-2026-44896 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-44896 affecting package python-mistune for versions less than 3.2.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-44899 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-44899 affecting package python-mistune for versions less than 3.2.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-44897 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-44897 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...
CVE-2026-33079 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-33079 affecting package python-mistune for versions less than 3.2.1-1. An upgraded version of the package is available that resolves this issue...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +137 more potentially affected by CVE-2026-44899 via mistune (>=3.0.0 <=3.2.0)
mistune PYPI version =3.0.0, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44899 Source advisory: SNYK:PYTHON-MISTUNE-16697357...
fittrackee (>=1.2.0 <=1.3.0b3), mein-et-projekt (=0.1.0) +2 more potentially affected by CVE-2026-44899 via mistune (=3.2.0)
mistune PYPI version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on mistune and may be impacted: - fittrackee =1.2.0, =2.19.0, =2.20.4 - uniovi-simur-wearablepermed-pipeline-step-counting =1.2.3 Source cves: CVE-2026-44899 Source advisory:...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +137 more potentially affected by CVE-2026-44898 via mistune (>=3.0.0 <=3.2.0)
mistune PYPI version =3.0.0, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44898 Source advisory: SNYK:PYTHON-MISTUNE-16697348...
fittrackee (>=1.2.0 <=1.3.0b3), mein-et-projekt (=0.1.0) +2 more potentially affected by CVE-2026-44898 via mistune (=3.2.0)
mistune PYPI version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on mistune and may be impacted: - fittrackee =1.2.0, =2.19.0, =2.20.4 - uniovi-simur-wearablepermed-pipeline-step-counting =1.2.3 Source cves: CVE-2026-44898 Source advisory:...
Mistune TOC Anchor Injection XSS
Summary rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs...
GHSA-6269-CQXG-MHHV Mistune TOC Anchor Injection XSS
Summary rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs...
PT-2026-41147
Name of the Vulnerable Software and Affected Versions mistune affected versions not specified Description The Image directive plugin fails to properly validate the :width: and :height: options. The validation uses a regular expression that only checks if the value starts with a digit, rather than...
CVE-2026-44898
creationtimestamp| type| source ---|---|--- 2026-05-12 06:07:08+00:00| published-proof-of-concept| https://github.com/lepture/mistune/security/advisories/GHSA-6269-cqxg-mhhv...
OPENSUSE-SU-2026:10761-1 python311-mistune-3.2.1-1.1 on GA media
These are all security issues fixed in the python311-mistune-3.2.1-1.1 package on the GA media of openSUSE Tumbleweed...
Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +702 more potentially affected by CVE-2026-44897 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44897 Source advisory: OSV:GHSA-V87V-83H2-53W7...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +136 more potentially affected by CVE-2026-44897 via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44897 Source advisory: SNYK:PYTHON-MISTUNE-16624520...