31 matches found
Infinite loop
Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop in the handling of CSS selectors and linkification processes. An attacker can cause excessive CPU or memory consumption by supplying specially crafted selector...
any2htpy (=0.1.4), article-extractor (=0.5.8) +1 more potentially affected by unknown CVE via justhtml (>=0.35.0 <=1.14.0)
justhtml PYPI version =0.35.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-R8CJ-3554-33MR...
GHSA-R8CJ-3554-33MR justhtml introduces denial-of-service hardening
Summary: justhtml 1.18.0 fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification. These issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves. Affected versions - justhtml 1.18.0...
article-extractor (=0.5.8), nscraper (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via justhtml (>=1.13.0 <=1.14.0)
justhtml PYPI version =1.13.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-16635077...
justhtml introduces denial-of-service hardening
Summary: justhtml 1.18.0 fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification. These issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves. Affected versions - justhtml 1.18.0...
article-extractor (=0.5.8), nscraper (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via justhtml (>=1.13.0 <=1.14.0)
justhtml PYPI version =1.13.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-16318347...
any2htpy (=0.1.4), article-extractor (=0.5.8) +1 more potentially affected by unknown CVE via justhtml (>=0.35.0 <=1.14.0)
justhtml PYPI version =0.35.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-VRX2-77F2-WW34...
Modification of Assumed-Immutable Data (MAID)
Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Modification of Assumed-Immutable Data (MAID) through the sanitize, sanitizedom, and JustHTML..., sanitize=True paths in src/justhtml/sanitize.py. An attacker can bypass intended...
article-extractor (=0.5.8), nscraper (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via justhtml (>=1.13.0 <=1.14.0)
justhtml PYPI version =1.13.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-16083990...
any2htpy (=0.1.4), article-extractor (=0.5.8) +1 more potentially affected by unknown CVE via justhtml (>=0.35.0 <=1.14.0)
justhtml PYPI version =0.35.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-4P64-V8F5-R2GX...
GHSA-4P64-V8F5-R2GX Multiple security fixes in justhtml
Summary: justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...
Cross-site Scripting (XSS)
Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of URL sanitization helpers, HTML serialization, Markdown passthrough, and custom sanitization-policy edge cases. An attacker can execut...
any2htpy (=0.1.4), article-extractor (=0.5.8) +1 more potentially affected by unknown CVE via justhtml (>=0.35.0 <=1.14.0)
justhtml PYPI version =0.35.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-C9VM-HV86-F23R...
article-extractor (=0.5.8), nscraper (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via justhtml (>=1.13.0 <=1.14.0)
justhtml PYPI version =1.13.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-16032358...
Cross-site Scripting (XSS)
Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the custom SanitizationPolicy if configured with dropforeignnamespaces=False or allowlisted foreign elements such as MathML or SVG or raw-text...
article-extractor (=0.5.8) potentially affected by unknown CVE via justhtml (=1.13.0)
justhtml PYPI version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on justhtml and may be impacted: - article-extractor =0.5.8 Source cves: unknown CVE Source advisory: OSV:GHSA-R758-8HXW-4845...
article-extractor (=0.5.8) potentially affected by unknown CVE via justhtml (=1.13.0)
justhtml PYPI version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on justhtml and may be impacted: - article-extractor =0.5.8 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-15928878...
GHSA-R758-8HXW-4845 justhtml: Mutation XSS with custom foreign-namespace sanitization policies
Summary: A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...
justhtml: Mutation XSS with custom foreign-namespace sanitization policies
Summary: A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...
any2htpy (=0.1.4) potentially affected by unknown CVE via justhtml (=0.35.0)
justhtml PYPI version =0.35.0 is affected by a known vulnerability. The following packages have a transitive dependency on justhtml and may be impacted: - any2htpy =0.1.4 Source cves: unknown CVE Source advisory: OSV:GHSA-5VP3-3CG6-2RQ3...