31 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-49851
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately O...
Linux Distros Unpatched Vulnerability : CVE-2026-44896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates...
Linux Distros Unpatched Vulnerability : CVE-2026-44708
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by...
Linux Distros Unpatched Vulnerability : CVE-2026-44899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a reg...
Linux Distros Unpatched Vulnerability : CVE-2026-44897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +702 more potentially affected by CVE-2026-44896 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44896 Source advisory: OSV:PYSEC-2026-168...
UBUNTU-CVE-2026-44896
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...
CVE-2026-44896
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...
mistune 跨站脚本漏洞
Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the mathematical plugin not properly escaping HTML when rendering inline and block-level mathematic...
fittrackee (>=1.2.0 <=1.3.0b3), mein-et-projekt (=0.1.0) +2 more potentially affected by CVE-2026-44899 via mistune (=3.2.0)
mistune PYPI version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on mistune and may be impacted: - fittrackee =1.2.0, =2.19.0, =2.20.4 - uniovi-simur-wearablepermed-pipeline-step-counting =1.2.3 Source cves: CVE-2026-44899 Source advisory:...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +137 more potentially affected by CVE-2026-44898 via mistune (>=3.0.0 <=3.2.0)
mistune PYPI version =3.0.0, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44898 Source advisory: SNYK:PYTHON-MISTUNE-16697348...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +702 more potentially affected by CVE-2026-44897 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44897 Source advisory: OSV:GHSA-V87V-83H2-53W7...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +702 more potentially affected by CVE-2026-44896 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44896 Source advisory: OSV:GHSA-58CW-G322-P94V...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +702 more potentially affected by CVE-2026-44708 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44708 Source advisory: OSV:GHSA-8G87-J6Q8-G93X...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +136 more potentially affected by CVE-2026-44708 via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44708 Source advisory: SNYK:PYTHON-MISTUNE-16624508...
DEBIAN-CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +136 more potentially affected by CVE-2026-33079 +1 more via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-33079, CVE-2026-33441 Source advisory: SNYK:PYTHON-MISTUNE-16438944...
a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +136 more potentially affected by CVE-2026-33079 via mistune (>=3.0.0rc5 <=3.2.0)
mistune PYPI version =3.0.0rc5, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-33079 Source advisory: OSV:GHSA-8MP2-V27R-99XP...