22 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a reg...
Linux Distros Unpatched Vulnerability : CVE-2026-44897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id...
Linux Distros Unpatched Vulnerability : CVE-2026-44708
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by...
Linux Distros Unpatched Vulnerability : CVE-2026-44896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure function concatenates...
CVE-2026-44896
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...
mistune cross-site scripting vulnerability
Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the mathematical plugin not properly escaping HTML when rendering inline and block-level mathematic...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-44899 via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44899 Source advisory: SNYK:PYTHON-MISTUNE-16697357...
fittrackee (>=1.2.0 <=1.3.0b3), mein-et-projekt (=0.1.0) +2 more potentially affected by CVE-2026-44899 via mistune (=3.2.0)
mistune PYPI version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on mistune and may be impacted: - fittrackee =1.2.0, =2.19.0, =2.20.4 - uniovi-simur-wearablepermed-pipeline-step-counting =1.2.3 Source cves: CVE-2026-44899 Source advisory:...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-44898 via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44898 Source advisory: SNYK:PYTHON-MISTUNE-16697348...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +704 more potentially affected by CVE-2026-44896 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44896 Source advisory: OSV:GHSA-58CW-G322-P94V...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +704 more potentially affected by CVE-2026-44708 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44708 Source advisory: OSV:GHSA-8G87-J6Q8-G93X...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +138 more potentially affected by CVE-2026-44708 via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44708 Source advisory: SNYK:PYTHON-MISTUNE-16624508...
DEBIAN-CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +138 more potentially affected by CVE-2026-33079 via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-33079 Source advisory: OSV:GHSA-8MP2-V27R-99XP...
EUVD-2017-0074
Malware in sbrugna...
animalia (>=0.0.27 <=0.0.28), appyratus (>=3.0.3 <=3.0.4) +35 more potentially affected by CVE-2022-34749 via mistune (>=2.0.0a4 <=2.0.2)
mistune PYPI version =2.0.0a4, =0.0.27, =3.0.3, =0.1.0, =0.11.0, =0.20.7, =0.0.5, =0.0.13, =1.0.18, =0.0.1, =0.1.3 - datapackage-pipelines-spss =0.0.2a0 - embryo =3.0.1 and more Source cves: CVE-2022-34749 Source advisory: OSV:GHSA-FW3V-X4F2-V673...
Code injection
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...
animalia (>=0.0.27 <=0.0.28), appyratus (>=3.0.3 <=3.0.4) +35 more potentially affected by CVE-2022-34749 via mistune (>=2.0.0a4 <=2.0.2)
mistune PYPI version =2.0.0a4, =0.0.27, =3.0.3, =0.1.0, =0.11.0, =0.20.7, =0.0.5, =0.0.13, =1.0.18, =0.0.1, =0.1.3 - datapackage-pipelines-spss =0.0.2a0 - embryo =3.0.1 and more Source cves: CVE-2022-34749 Source advisory: OSV:PYSEC-2022-237...
PT-2022-22315 · Mistune +1 · Mistune +1
Name of the Vulnerable Software and Affected Versions: Mistune versions 2.0.2 and earlier Description: The issue arises from the support of inline markup in Mistune, which utilizes regular expressions. These regular expressions can lead to a high amount of backtracking on certain edge cases, a...