81 matches found
CVE-2025-69534
Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...
Python-Markdown Security Vulnerability
Python-Markdown is an open-source Python implementation of a Markdown parser. Version 3.8 of Python-Markdown contains a security vulnerability. This vulnerability stems from malformed HTML sequences, which can lead to unhandled assertion errors, potentially causing remote denial-of-service attack...
CVE-2025-69534
CVE-2025-69534 affects Python-Markdown 3.8, where malformed HTML-like sequences trigger an unhandled AssertionError in html.parser.HTMLParser during Markdown parsing. This can produce a remote, unauthenticated Denial of Service for applications rendering untrusted Markdown, with potential inf...
UBUNTU-CVE-2025-68142
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...
PT-2025-51772
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...
EUVD-2020-0104
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-11888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or...
Fedora: Security Advisory (FEDORA-2023-f970cbb557)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora 39 : python-markdown-it-py (2023-f970cbb557)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f970cbb557 advisory. Automatic update for python-markdown-it-py-2.2.0-1.fc39. Changelog Wed Mar 15 2023 Karolina Surma - 2.2.0-1 - Update to 2.2.0, includes the fix for...
Directory traversal
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
CVE-2023-32309
CVE-2023-32309 affects PyMdown Extensions (Python-Markdown extensions) and specifically the Snippets feature. The vulnerability allows arbitrary file read via include-file syntax and directory traversal beyond a configured base path, e.g. paths like /etc/passwd or /proc/self/environ can be exp...
CVE-2023-32309 Arbitrary file inclusion with the pymdown-snippets extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
PyMdown Extensions Path Traversal Vulnerability
PyMdown Extensions is a collection of extensions for Python Markdown. PyMdown Extensions has a path traversal vulnerability that an attacker could exploit to read arbitrary files...
Fedora: Security Advisory for python-markdown-it-py (FEDORA-2023-c3fb6d6b8d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 37 Update: python-markdown-it-py-2.2.0-1.fc37
Markdown parser done right. Its features: Follows the CommonMark spec for baseline parsing. Has configurable syntax: you can add new rules and even replace existing ones. Pluggable: Adds syntax extensions to extend the parser. High speed & safe by default...
Fedora: Security Advisory for python-markdown-it-py (FEDORA-2023-8ff3ba5fb5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora 37 : python-markdown-it-py (2023-c3fb6d6b8d)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c3fb6d6b8d advisory. Update to 2.2.0, includes the fix for CVE-2023-26302 Tenable has extracted the preceding description block directly from the Fedora security advisor...
Fedora 38 : python-markdown-it-py (2023-8ff3ba5fb5)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8ff3ba5fb5 advisory. Update to 2.2.0, includes the fix for CVE-2023-26302 Tenable has extracted the preceding description block directly from the Fedora security advisor...
OPENSUSE-SU-2021:0451-1 Security update for python-markdown2
This update for python-markdown2 fixes the following issues: Update to 2.4.0 boo1181270: - pull 377 Fixed bug breaking strings elements in metadata lists - pull 380 When rendering fenced code blocks, also add the language-LANG class - pull 387 Regex DoS fixes CVE-2021-26813, boo1183171 - Switch o...
OPENSUSE-SU-2020:0656-1 Security update for python-markdown2
This update for python-markdown2 fixes the following issues: - CVE-2020-11888: Fixed unsanitized input for cross-site scripting boo1171379 This update was imported from the openSUSE:Leap:15.1:Update update project...