Lucene search
K

289 matches found

CNNVD
CNNVD
added 2026/05/06 12:0 a.m.14 views

mistune 安全漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune from 3.0.0a1 to 3.2.0 contain security vulnerabilities. These vulnerabilities stem from a denial-of-service attack involving regular expressions in LINKTITLERE, which could allow attackers to...

8.7CVSS5.8AI score0.00481EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38088

Name of the Vulnerable Software and Affected Versions Mistune versions 3.0.0a1 through 3.2.0 Description A Regular Expression Denial of Service ReDoS exists in the LINK TITLE RE regular expression. An attacker can provide specially crafted Markdown for parsing that triggers catastrophic...

8.7CVSS5.7AI score0.00481EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-38261

Name of the Vulnerable Software and Affected Versions mistune versions prior to 3.2.1 Description A Denial-of-Service DoS issue exists in the Mistune Markdown parser. Processing specially crafted reference links can cause excessive backtracking and parsing loops within the parse link title functi...

8.7CVSS5.8AI score
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/17 12:55 a.m.8 views

mistune: catastrophic backtracking

A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...

7.5CVSS7.4AI score0.01215EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/16 10:49 a.m.6 views

mistune: catastrophic backtracking

A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...

7.5CVSS7.4AI score0.01215EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.24 views

EUVD-2017-0075

Malware in sbrugna...

6.1CVSS6AI score0.00923EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0074

Malware in sbrugna...

6.1CVSS6AI score0.02216EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0155

Malicious code in bioql PyPI...

7.5CVSS6.9AI score0.01215EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-16876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HT...

6.1CVSS6.2AI score0.02216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2017-15612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink...

6.1CVSS6AI score0.00923EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-34749

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge...

7.5CVSS6.7AI score0.01215EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.12 views

Fedora 37 : python-m2r / python-mistune / python-mistune08 / etc (2022-e4f5866111)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-e4f5866111 advisory. - updates mistune to 2.0.4 - m2r updated to pin dependency to mistune 2 - new package: python-mistune08 compatibility package, to be used by dependents that...

7.5CVSS7AI score0.01215EPSS
Exploits0References2
OSV
OSV
added 2024/07/12 12:0 a.m.8 views

OPENSUSE-SU-2024:14148-1 python310-mistune-3.0.2-2.5 on GA media

These are all security issues fixed in the python310-mistune-3.0.2-2.5 package on the GA media of openSUSE Tumbleweed...

6.1CVSS6.2AI score0.02216EPSS
Exploits1References2
OSV
OSV
added 2024/06/15 12:0 a.m.6 views

OPENSUSE-SU-2024:12350-1 python310-mistune-2.0.4-1.1 on GA media

These are all security issues fixed in the python310-mistune-2.0.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.6AI score0.01215EPSS
Exploits0References1
OSV
OSV
added 2024/06/15 12:0 a.m.10 views

OPENSUSE-SU-2024:11239-1 python36-mistune-0.8.4-3.5 on GA media

These are all security issues fixed in the python36-mistune-0.8.4-3.5 package on the GA media of openSUSE Tumbleweed...

6.1CVSS6.5AI score0.02216EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/12/20 8:0 p.m.20 views

CVE-2022-34749

A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...

7.5CVSS6.8AI score0.01215EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.4 views

SUSE CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.2AI score0.00923EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.4 views

SUSE CVE-2017-16876

Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...

6.1CVSS6.1AI score0.02216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.5 views

SUSE CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

7.5CVSS9.2AI score0.01215EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/11/11 12:0 a.m.23 views

Fedora: Security Advisory for python-mistune (FEDORA-2022-e4f5866111)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.01215EPSS
Exploits0References2
Rows per page
Query Builder