87 matches found
CVE-2025-5273
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
CVE-2025-5273
CVE-2025-5273 affects all versions of the package mcp-markdownify-server. The vulnerability arises from the get-markdown-file tool, where a crafted prompt accessed by the MCP host can cause the server to read arbitrary files on the host running it. This allows unauthorized disclosure of host fil...
Markdownify MCP Server security vulnerability
Markdownify MCP Server is a Model Context Protocol server for converting almost any content to Markdown by Zach Caceres, an individual developer in the United States. A security vulnerability exists in Markdownify MCP Server that stems from the Markdownify.get function that could lead to...
Markdownify MCP Server security vulnerability
Markdownify MCP Server is a Model Context Protocol server for converting almost any content to Markdown by Zach Caceres, an individual developer in the United States. A security vulnerability exists in Markdownify MCP Server, which stems from the fact that the get-markdown-file utility could lead...
PT-2025-23142
Name of the Vulnerable Software and Affected Versions: mcp-markdownify-server, all versions. Description: The issue concerns Server-Side Request Forgery (SSRF) via the Markdownify.get function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown,...
PT-2025-23141
Name of the Vulnerable Software and Affected Versions: mcp-markdownify-server, all versions. Description: The issue allows an attacker to craft a prompt that, once accessed by the MCP host, will enable it to read arbitrary files from the host running the server via the get-markdown-file tool...
Files or Directories Accessible to External Parties
Overview: mcp-markdownify-server is a Model Context Protocol (MCP) server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...
Server-Side Request Forgery (SSRF)
Overview: mcp-markdownify-server is a Model Context Protocol (MCP) server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...
CVE-2022-41709
Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled...
CVE-2022-41710
Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not...
Denial Of Service (DoS)
python-markdownify is vulnerable to Denial Of Service (DoS). The vulnerability is due to memory exhaustion due to handling excessively large HTML headline tags like <h9999999>, which consume significant memory during processing...
CVE-2025-46656
python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption...
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption...
GHSA-7MPR-5M44-H73R markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption...
acatome-chat (>=0.2.1 <=0.4.2), acatome-extract (>=0.2.0 <=0.6.1) +133 more potentially affected by CVE-2025-46656 via markdownify (>=0.10.3 <=0.13.1)
markdownify PYPI version =0.10.3, =0.2.1, =0.2.0, =1.0.1, =0.8.1, =0.15.0, =0.0.18, =0.3.3, =0.1.46, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.9 and more Source cves: CVE-2025-46656 Source advisory: SNYK:PYTHON-MARKDOWNIFY-9833926...
Allocation of Resources Without Limits or Throttling
Overview: markdownify is a package that converts HTML to Markdown. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing malformed HTML tags. An attacker can cause excessive memory consumption by causing heading tags with very large values to be...
python-markdownify security vulnerability
python-markdownify is a tool for converting HTML to Markdown by Matthew Dapena-Tretter, an individual developer. A security vulnerability exists in python-markdownify versions prior to 0.14.1, which stems from support for oversized title prefixes, which may lead to memory consumption...