pkg:PyPI/mistune

All known vulnerabilities

• HIGH8.6CVE-2022-34749Mistune vulnerable to catastrophic backtracking
  from 0, < a6d43215132fe4f3d93f8d7e90ba83b16a0838b2 | >= 2.0.0a1, < 2.0.3
• HIGH8.6CVE-2022-34749Mistune vulnerable to catastrophic backtracking
  >= 2.0.0a1, < 2.0.3
• MEDIUM6.1CVE-2026-44898Mistune TOC Anchor Injection XSS
  >= 3.2.0, < 3.2.1
• MEDIUM6.1CVE-2026-44897Mistune Heading ID Attribute has Injection XSS
  from 0, < 3.2.1
• MEDIUM6.1CVE-2026-44896Mistune has XSS via unescaped figclass/figwidth in Figure directive
  from 0, <= 3.2.0
• MEDIUM6.1CVE-2026-44708Mistune Math Plugin has an XSS Escape Bypass
  from 0, <= 3.2.0
• MEDIUM6.1CVE-2017-15612Cross-site Scripting in Mistune
  from 0, < 0.8
• MEDIUM6.1CVE-2017-15612Cross-site Scripting in Mistune
  from 0, < 0.8
• MEDIUM6.1CVE-2017-16876mistune Cross-site scripting (XSS) vulnerability
  from 0, < 0.8.1
• MEDIUM6.1CVE-2017-16876mistune Cross-site scripting (XSS) vulnerability
  from 0, < 5f06d724bc05580e7f203db2d4a4905fc1127f98 | from 0, < 0.8.1
• MEDIUM4.7CVE-2026-44899Mistune Image Directive CSS Injection Vulnerability
  >= 3.2.0, < 3.2.1
• —CVE-2026-33441Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
  >= 3.0.0a1, < 3.2.1
• —CVE-2026-33079Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
  >= 3.0.0a1, < 3.2.1