4 matches found
EUVD-2022-7414
Malicious code in bioql PyPI...
acatome-chat (>=0.2.1 <=0.4.2), acatome-extract (>=0.2.0 <=0.6.1) +133 more potentially affected by CVE-2025-46656 via markdownify (>=0.10.3 <=0.13.1)
markdownify PYPI version =0.10.3, =0.2.1, =0.2.0, =1.0.1, =0.8.1, =0.15.0, =0.0.18, =0.3.3, =0.1.46, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.9 and more Source cves: CVE-2025-46656 Source advisory: OSV:GHSA-7MPR-5M44-H73R...
CVE-2025-46656
python-markdownify aka markdownify before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption...
Code injection
Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled...