Mistune Security Vulnerabilities

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.

CVSS: 6.1 | AI Score: 5.7 | EPSS: 0.001

2017-10-19 08:29 AM

CVE-2017-16876

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2017-12-29 03:29 PM

CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001

2022-07-25 11:15 PM