Product
mistune project mistune
8 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44899
CVE-2026-44898
CVE-2026-44897
CVE-2026-44896
CVE-2026-44708
CVE-2022-34749
CVE-2017-16876
CVE-2017-15612
< 3.2.1
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: a
< 3.2.1
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tr
< 3.2.1
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag
<= 3.2.0
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the rend
< 3.2.1
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$
<= 2.0.2
In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of b
< 0.8.1
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to
all versions
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to