4 matches found
PT-2026-39307
Name of the Vulnerable Software and Affected Versions: Mistune, affected versions not specified. Description: The render figure function in src/mistune/directives/image.py concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and...
CVE-2025-4700
GitLab CVE-2025-4700 affects GitLab CE/EE versions 15.10–18.0.4, 18.1.x before 18.1.3, and 18.2.x before 18.2.1. The issue could allow an attacker to trigger unintended content rendering that leads to Cross-site Scripting (XSS) under certain conditions. The provided documents do not specify the v...
CVE-2022-28648
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...
CVE-2024-26151: Potentially untrusted input is rendered as HTML in final output
The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates are affected, unless that data is checked in a very strict manner. User input...