13 matches found
CVE-2026-44363
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
GHSA-JV8M-2544-3PG3 Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
Description: Several filters in the twig/* extras packages are registered with `is_safe => ['all']`, which tells Twig's autoescaper to treat their output as safe in every context (html, js, css, url, ...). The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...
Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
Description: Several filters in the twig/* extras packages are registered with `is_safe => ['all']`, which tells Twig's autoescaper to treat their output as safe in every context (html, js, css, url, ...). The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...
PT-2026-42631
Description: Several filters in the twig/* extras packages are registered with `is_safe => ['all']`, which tells Twig's autoescaper to treat their output as safe in every context (html, js, css, url, ...). The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...
CVE-2026-44363
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
CVE-2026-44363
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
Server-side Request Forgery (SSRF)
Overview: misp-modules: MISP modules are autonomous modules that can be used for expansion and other services in MISP. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the htmltomarkdown and qrcode modules when handling remote resource fetching. An attacke...
PT-2026-38308
Name of the Vulnerable Software and Affected Versions: MISP Modules versions prior to 3.0.7. Description: Unsafe remote resource fetching exists in expansion modules. The html to markdown module accepts arbitrary HTTPS URLs without sufficient validation, enabling Server-Side Request Forgery (SSRF)—a...
EUVD-2020-18858
Malware in sbrugna...
0xkobold (>=0.5.0 <=0.8.0), @0xdwong/html-to-markdown (>=1.0.0 <=1.0.1) +346 more potentially affected by CVE-2025-2792 via @mozilla/readability (>=0.3.0 <=0.5.0)
@mozilla/readability NPM version =0.3.0, =0.5.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.2.0, =0.1.0, =0.1.5-alpha.0, =0.1.0, =1.7.0, =1.8.4 and more Source cves: CVE-2025-2792 Source advisory: OSV:GHSA-3P6V-HRG8-8QJ7...
HTML2Markdown security vulnerability
HTML2Markdown is a Javascript implementation for converting HTML to Markdown text by the individual developer Kates Gasis. A security vulnerability exists in HTML2Markdown due to the inclusion of one or more regular expressions that are vulnerable to a regular expression denial of service attack...
PT-2024-10797 · Unknown · Html2Markdown
Name of the Vulnerable Software and Affected Versions: HTML2Markdown, all available versions. Description: The issue concerns a Regular Expression Denial of Service (ReDoS) in the HTML2Markdown Javascript implementation, which is used for converting HTML to Markdown text. No known patches ar...