49 matches found
CVE-2026-35600
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags,...
EUVD-2021-0925
Malware in sbrugna...
EUVD-2021-0205
Malware in sbrugna...
EUVD-2021-1222
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-29272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the script...
Maintainers of Last Resort
Geomys is an organization of professional open source maintainers, focused on a portfolio of critical Go projects. For example, we are two thirds of the Go standard library cryptography maintainers, we provide the FIPS 140-3 validation of the upstream Go Cryptographic Module, and we fund the...
CVE-2019-19619
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
FreeBSD : gitea -- multiple issues (d713d709-4cc9-11ed-a621-0800277bb8a8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d713d709-4cc9-11ed-a621-0800277bb8a8 advisory. - The Gitea team reports: Sanitize and Escape refs in git backend; Bump golang.org/x/text; Update...
gitea -- multiple issues
The Gitea team reports: Sanitize and Escape refs in git backend; Bump golang.org/x/text; Update bluemonday...
GO-2022-0588 Cross-site scripting via leaked style elements in github.com/microcosm-cc/bluemonday
The bluemonday HTML sanitizer can leak the contents of a "style" element into HTML output, potentially causing XSS vulnerabilities. The default bluemonday sanitization policies are not vulnerable. Only user-defined policies allowing "select", "style", and "option" elements are affected. Permittin...
[SECURITY] Fedora 36 Update: golang-github-microcosm-cc-bluemonday-1.0.17-4.fc36
bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content...
Fedora: Security Advisory for golang-github-microcosm-cc-bluemonday (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: golang-github-microcosm-cc-bluemonday-1.0.17-3.fc35
bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content...
Fedora: Security Advisory for golang-github-microcosm-cc-bluemonday (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-microcosm-cc-bluemonday-1.0.17-3.fc36
bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.15.5: Upgrade Bluemonday to v1.0.16 (#17372, #17374); Ensure correct SSH permissions check for private and restricted users (#17370, #17373)...
GHSA-X95H-979X-CF3J Policies not properly enforced in bluemonday
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
Policies not properly enforced in bluemonday
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...