Mistune_project Mistune
7 CVEs affecting Mistune_project Mistune. Latest disclosed: 2026-05-26. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44898 | Medium | 6.1 | 2026-05-26 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id… |
CVE-2026-44897 | Medium | 6.1 | 2026-05-26 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the… |
CVE-2026-44896 | Medium | 6.1 | 2026-05-26 | Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concaten… |
CVE-2026-44708 | Medium | 6.1 | 2026-05-26 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by… |
CVE-2017-16876 | Medium | 6.1 | 2017-12-29 | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script o… |
CVE-2017-15612 | Medium | 6.1 | 2017-10-19 | mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink func… |
CVE-2026-44899 | Medium | 4.7 | 2026-05-26 | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a re… |