6 matches found
UBUNTU-CVE-2026-44897
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safe_entity, or any other sanitisation function. A double-quote character " in...
EUVD-2026-27877
Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input...
CVE-2026-44897
creationtimestamp | type | source
---|---|---
2026-05-06 07:13:48+00:00 | published-proof-of-concept | https://github.com/lepture/mistune/security/advisories/GHSA-v87v-83h2-53w7...
GHSA-FW3V-X4F2-V673 Mistune vulnerable to catastrophic backtracking
In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...
PYSEC-2017-18
Cross-site scripting (XSS) vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...
UBUNTU-CVE-2017-16876
Cross-site scripting (XSS) vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...