CVE-2025-69534
Python-Markdown 3.8 contains a parsing fault where malformed HTML-like sequences can trigger an unhandled AssertionError in html.parser.HTMLParser during Markdown processing. This can cause remote, unauthenticated Denial of Service in any application that renders untrusted Markdown (web apps, doc...
Python-Markdown Security Vulnerability
Python-Markdown is an open-source Python implementation of a Markdown parser. Version 3.8 of Python-Markdown contains a security vulnerability. This vulnerability stems from malformed HTML sequences, which can lead to unhandled assertion errors, potentially causing remote denial-of-service attack...
PT-2026-23450
Name of the Vulnerable Software and Affected Versions: Python-Markdown versions prior to 3.8.1. Description: A flaw exists in Python-Markdown version 3.8 where improperly formed HTML-like sequences can trigger an unhandled AssertionError within the html.parser.HTMLParser during Markdown processing...
UBUNTU-CVE-2025-68142
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDoS bug in the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...
PT-2025-51772
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDoS bug in the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...
EUVD-2020-0104
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-11888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or...
Fedora: Security Advisory (FEDORA-2023-f970cbb557)
The remote host is missing an update for the...
Fedora 39 : python-markdown-it-py (2023-f970cbb557)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f970cbb557 advisory. Automatic update for python-markdown-it-py-2.2.0-1.fc39. Changelog Wed Mar 15 2023 Karolina Surma - 2.2.0-1 - Update to 2.2.0, includes the fix for...
Directory traversal
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
CVE-2023-32309
CVE-2023-32309 affects PyMdown Extensions (Python-Markdown extensions) and specifically the Snippets feature. The vulnerability allows arbitrary file read via include-file syntax and directory traversal beyond a configured base path, e.g. paths like /etc/passwd or /proc/self/environ can be exp...
CVE-2023-32309 Arbitrary file inclusion with the pymdowm-snippets extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
PyMdown Extensions Path Traversal Vulnerability
PyMdown Extensions is a collection of extensions for Python Markdown. PyMdown Extensions has a path traversal vulnerability: it is susceptible to directory traversal attacks, which an attacker could exploit to read arbitrary files...
Fedora: Security Advisory for python-markdown-it-py (FEDORA-2023-c3fb6d6b8d)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: python-markdown-it-py-2.2.0-1.fc37
Markdown parser done right. Its features: Follows the CommonMark spec for baseline parsing. Has configurable syntax: you can add new rules and even replace existing ones. Pluggable: Adds syntax extensions to extend the parser. High speed & safe by default...
Fedora: Security Advisory for python-markdown-it-py (FEDORA-2023-8ff3ba5fb5)
The remote host is missing an update for the...
Fedora 37 : python-markdown-it-py (2023-c3fb6d6b8d)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c3fb6d6b8d advisory. Update to 2.2.0, includes the fix for CVE-2023-26302 Tenable has extracted the preceding description block directly from the Fedora security advisor...
Fedora 38 : python-markdown-it-py (2023-8ff3ba5fb5)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8ff3ba5fb5 advisory. Update to 2.2.0, includes the fix for CVE-2023-26302 Tenable has extracted the preceding description block directly from the Fedora security advisor...
OPENSUSE-SU-2021:0451-1 Security update for python-markdown2
This update for python-markdown2 fixes the following issues: Update to 2.4.0 boo1181270: - pull 377 Fixed bug breaking strings elements in metadata lists - pull 380 When rendering fenced code blocks, also add the language-LANG class - pull 387 Regex DoS fixes CVE-2021-26813, boo1183171 - Switch o...
OPENSUSE-SU-2020:0656-1 Security update for python-markdown2
This update for python-markdown2 fixes the following issues: - CVE-2020-11888: Fixed unsanitized input for cross-site scripting boo1171379 This update was imported from the openSUSE:Leap:15.1:Update update project...