6 matches found
CVE-2026-44899
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image inserts it directly int...
Linux Distros Unpatched Vulnerability : CVE-2017-15612
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink...
OPENSUSE-SU-2024:12350-1 python310-mistune-2.0.4-1.1 on GA media
These are all security issues fixed in the python310-mistune-2.0.4-1.1 package on the GA media of openSUSE Tumbleweed...
animalia (>=0.0.27 <=0.0.28), appyratus (>=3.0.3 <=3.0.4) +35 more potentially affected by CVE-2022-34749 via mistune (>=2.0.0a4 <=2.0.2)
mistune PYPI version =2.0.0a4, =0.0.27, =3.0.3, =0.1.0, =0.11.0, =0.20.7, =0.0.5, =0.0.13, =1.0.18, =0.0.1, =0.1.3 - datapackage-pipelines-spss =0.0.2a0 - embryo =3.0.1 and more Source cves: CVE-2022-34749 Source advisory: OSV:GHSA-FW3V-X4F2-V673...
CVE-2022-34749
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...