Mistune Project

Mistune

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.3%
  • Veröffentlicht 08.07.2026 16:24:37
  • Zuletzt bearbeitet 09.07.2026 19:30:14

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other ...

Exploit
  • EPSS 0.35%
  • Veröffentlicht 08.07.2026 16:23:21
  • Zuletzt bearbeitet 09.07.2026 19:29:34

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dic...

Exploit
  • EPSS 0.33%
  • Veröffentlicht 08.07.2026 16:22:11
  • Zuletzt bearbeitet 09.07.2026 19:34:54

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted includ...

Exploit
  • EPSS 0.19%
  • Veröffentlicht 08.07.2026 16:20:38
  • Zuletzt bearbeitet 09.07.2026 19:29:01

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-...

Exploit
  • EPSS 0.34%
  • Veröffentlicht 08.07.2026 16:18:43
  • Zuletzt bearbeitet 09.07.2026 19:39:58

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser...

  • EPSS 0.33%
  • Veröffentlicht 08.07.2026 16:16:15
  • Zuletzt bearbeitet 09.07.2026 19:38:07

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing ...

Exploit
  • EPSS 0.2%
  • Veröffentlicht 08.07.2026 16:14:39
  • Zuletzt bearbeitet 09.07.2026 19:35:14

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script i...

Exploit
  • EPSS 0.12%
  • Veröffentlicht 08.07.2026 16:13:21
  • Zuletzt bearbeitet 09.07.2026 19:28:30

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N"...

Exploit
  • EPSS 0.35%
  • Veröffentlicht 08.07.2026 16:12:00
  • Zuletzt bearbeitet 09.07.2026 19:36:00

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or i...

Exploit
  • EPSS 0.23%
  • Veröffentlicht 26.05.2026 20:41:53
  • Zuletzt bearbeitet 28.05.2026 13:42:13

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the vis...