Skip to main content

Mistune

13 CVEs product

Monthly

CVE-2026-59927 PyPI MEDIUM PATCH This Month

Unbounded recursion in Mistune's Include directive (all versions prior to 3.3.0) can be triggered by a pair of mutually-referencing markdown files, bypassing the cycle detector that only checks for direct self-inclusion. An attacker who can supply markdown content processed by an application using the Include directive may crash the rendering request with a Python RecursionError, resulting in a denial of service. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; a confirmed fix is available in version 3.3.0.

Python Denial Of Service Mistune
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-59928 PyPI HIGH PATCH This Week

Denial of service in Mistune (the lepture Python Markdown parser) before 3.3.0 lets remote unauthenticated attackers exhaust CPU by submitting a Markdown document packed with many repeated or distinct reference-link definitions, which triggers quadratic-time processing in the block parser and its ref_links dictionary handling. Any service that renders attacker-supplied Markdown through Mistune (wikis, comment systems, docs pipelines, notebook converters) can be stalled with a single crafted input. No public exploit is identified at time of analysis and it is not in CISA KEV, but the low-complexity, no-auth vector makes weaponization trivial.

Python Denial Of Service Mistune
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-59924 PyPI MEDIUM PATCH This Month

Path traversal in Mistune's Include plugin allows reading arbitrary files from the server filesystem when processing attacker-controlled markdown. Applications using md.read() with the Include plugin on markdown content supplied by external users are exposed: a crafted include directive can escape the intended markdown base directory to access any file readable by the running process. No public exploit has been identified at time of analysis, but a vendor-released patch is available in version 3.3.0.

Python Path Traversal Mistune
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2026-59929 PyPI MEDIUM PATCH This Month

Cross-site scripting in Mistune prior to 3.3.0 stems from an incomplete URI scheme blocklist in the `safe_url` filter, permitting legacy and chained schemes (`feed:`, `jar:`, `livescript:`, `mocha:`, `ms-its:`, `mk:`, `res:`, `view-source:`) to pass unchecked into rendered `href` and `src` attributes. Any web application that accepts user-supplied Markdown, renders it via Mistune's HTML renderer, and serves the output to other users' browsers is exposed to stored or reflected XSS. No public exploit or CISA KEV listing has been identified at time of analysis; however, the CVSS 6.1 score with scope change (S:C) reflects genuine cross-session impact when the victim interacts with attacker-controlled content.

XSS Python Mistune
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-59925 PyPI HIGH PATCH This Week

Denial of service in Mistune, a widely used pure-Python Markdown parser, affects all versions prior to 3.3.0 where the default inline parser exhibits quadratic (O(n²)) behavior on long runs of well-formed double- or triple-asterisk emphasis pairs. Because the parser rescans forward for matching close markers from every candidate opening run, a small crafted Markdown payload forces disproportionate CPU consumption, exhausting resources on any service that renders untrusted Markdown. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and unauthenticated network vector make availability impact realistic against default configurations.

Python Denial Of Service Mistune
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-59926 PyPI MEDIUM PATCH This Month

Cross-site scripting in Mistune (Python Markdown parser) prior to version 3.2.1 allows injection of arbitrary HTML attributes via the Admonition directive's `:class:` option, critically bypassing HTMLRenderer escape mode even when it is explicitly enabled. Applications that render user-controlled Markdown with admonition directives and serve the resulting HTML to web browsers are exposed to stored or reflected XSS, enabling session hijacking, credential theft, or malicious DOM manipulation. No public exploit has been identified at time of analysis, and a vendor-released patch is available in v3.2.1.

XSS Python Mistune
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-59923 PyPI MEDIUM PATCH This Month

Cross-site scripting in Mistune Python Markdown parser (all versions before 3.3.0) allows attacker-controlled Markdown content containing percent-encoded javascript: URIs to bypass the HTMLRenderer.safe_url() URL sanitization filter and execute arbitrary script in victim browsers. The bypass works because safe_url() checks the raw string without first decoding percent-encoded characters, so schemes like %6Aavascript: or %6aVaScRiPt: evade detection while remaining valid to browsers. Any web application that renders user-supplied or attacker-influenced Markdown through Mistune and serves the output to other users is exposed. No public exploit or CISA KEV listing has been identified at time of analysis.

XSS Python Mistune
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-59930 PyPI MEDIUM PATCH This Month

Predictable heading anchor ID generation in Mistune's toc plugin (all versions prior to 3.3.0) enables same-page navigation hijacking when untrusted Markdown content is rendered. The library assigns sequential numeric identifiers (toc_0, toc_1, etc.) to headings without incorporating heading text, so any party able to inject raw HTML containing a matching id attribute can pre-empt the generated anchor and redirect table-of-contents link targets, CSS selectors, or JavaScript DOM event handlers. No public exploit identified at time of analysis, though the deterministic ID scheme makes collision trivial to engineer once content injection is possible.

Python Information Disclosure Mistune
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-59922 PyPI HIGH PATCH This Week

Denial of service in Mistune, a Python Markdown parser, affects all versions prior to 3.3.0 when the strikethrough, mark, or insert plugins are enabled. Remote attackers can submit crafted Markdown containing runs of closed tilde (~), equals (=), or caret (^) marker pairs that trigger quadratic-time scanning in the formatting plugin, exhausting CPU and rendering the parsing service unresponsive. No public exploit identified at time of analysis, and the flaw is not in CISA KEV; impact is limited to availability with no data exposure.

Python Denial Of Service Mistune
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-49851 PyPI HIGH POC PATCH GHSA This Week

Uncontrolled CPU consumption in Mistune, a Python Markdown parser, allows remote unauthenticated attackers to cause denial of service against any application that renders untrusted Markdown through versions prior to 3.3.0. The flaw lives in parse_link_text, which runs a regex search inside a loop and re-scans the remaining input each iteration, yielding roughly O(n²) behavior; a tiny payload of many consecutive '[' characters can pin a CPU core. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the trigger is trivial to construct and the GitHub Security Advisory documents the root cause precisely.

Python Denial Of Service Mistune
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2022-34749 PyPI HIGH PATCH This Week

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mistune Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2017-16876 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mistune Fedora
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15612 PyPI MEDIUM POC PATCH This Month

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mistune
NVD GitHub
CVSS 3.0
6.1
EPSS
0.1%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded recursion in Mistune's Include directive (all versions prior to 3.3.0) can be triggered by a pair of mutually-referencing markdown files, bypassing the cycle detector that only checks for direct self-inclusion. An attacker who can supply markdown content processed by an application using the Include directive may crash the rendering request with a Python RecursionError, resulting in a denial of service. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; a confirmed fix is available in version 3.3.0.

Python Denial Of Service Mistune
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Mistune (the lepture Python Markdown parser) before 3.3.0 lets remote unauthenticated attackers exhaust CPU by submitting a Markdown document packed with many repeated or distinct reference-link definitions, which triggers quadratic-time processing in the block parser and its ref_links dictionary handling. Any service that renders attacker-supplied Markdown through Mistune (wikis, comment systems, docs pipelines, notebook converters) can be stalled with a single crafted input. No public exploit is identified at time of analysis and it is not in CISA KEV, but the low-complexity, no-auth vector makes weaponization trivial.

Python Denial Of Service Mistune
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Path traversal in Mistune's Include plugin allows reading arbitrary files from the server filesystem when processing attacker-controlled markdown. Applications using md.read() with the Include plugin on markdown content supplied by external users are exposed: a crafted include directive can escape the intended markdown base directory to access any file readable by the running process. No public exploit has been identified at time of analysis, but a vendor-released patch is available in version 3.3.0.

Python Path Traversal Mistune
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting in Mistune prior to 3.3.0 stems from an incomplete URI scheme blocklist in the `safe_url` filter, permitting legacy and chained schemes (`feed:`, `jar:`, `livescript:`, `mocha:`, `ms-its:`, `mk:`, `res:`, `view-source:`) to pass unchecked into rendered `href` and `src` attributes. Any web application that accepts user-supplied Markdown, renders it via Mistune's HTML renderer, and serves the output to other users' browsers is exposed to stored or reflected XSS. No public exploit or CISA KEV listing has been identified at time of analysis; however, the CVSS 6.1 score with scope change (S:C) reflects genuine cross-session impact when the victim interacts with attacker-controlled content.

XSS Python Mistune
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Mistune, a widely used pure-Python Markdown parser, affects all versions prior to 3.3.0 where the default inline parser exhibits quadratic (O(n²)) behavior on long runs of well-formed double- or triple-asterisk emphasis pairs. Because the parser rescans forward for matching close markers from every candidate opening run, a small crafted Markdown payload forces disproportionate CPU consumption, exhausting resources on any service that renders untrusted Markdown. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and unauthenticated network vector make availability impact realistic against default configurations.

Python Denial Of Service Mistune
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Cross-site scripting in Mistune (Python Markdown parser) prior to version 3.2.1 allows injection of arbitrary HTML attributes via the Admonition directive's `:class:` option, critically bypassing HTMLRenderer escape mode even when it is explicitly enabled. Applications that render user-controlled Markdown with admonition directives and serve the resulting HTML to web browsers are exposed to stored or reflected XSS, enabling session hijacking, credential theft, or malicious DOM manipulation. No public exploit has been identified at time of analysis, and a vendor-released patch is available in v3.2.1.

XSS Python Mistune
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting in Mistune Python Markdown parser (all versions before 3.3.0) allows attacker-controlled Markdown content containing percent-encoded javascript: URIs to bypass the HTMLRenderer.safe_url() URL sanitization filter and execute arbitrary script in victim browsers. The bypass works because safe_url() checks the raw string without first decoding percent-encoded characters, so schemes like %6Aavascript: or %6aVaScRiPt: evade detection while remaining valid to browsers. Any web application that renders user-supplied or attacker-influenced Markdown through Mistune and serves the output to other users is exposed. No public exploit or CISA KEV listing has been identified at time of analysis.

XSS Python Mistune
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Predictable heading anchor ID generation in Mistune's toc plugin (all versions prior to 3.3.0) enables same-page navigation hijacking when untrusted Markdown content is rendered. The library assigns sequential numeric identifiers (toc_0, toc_1, etc.) to headings without incorporating heading text, so any party able to inject raw HTML containing a matching id attribute can pre-empt the generated anchor and redirect table-of-contents link targets, CSS selectors, or JavaScript DOM event handlers. No public exploit identified at time of analysis, though the deterministic ID scheme makes collision trivial to engineer once content injection is possible.

Python Information Disclosure Mistune
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Mistune, a Python Markdown parser, affects all versions prior to 3.3.0 when the strikethrough, mark, or insert plugins are enabled. Remote attackers can submit crafted Markdown containing runs of closed tilde (~), equals (=), or caret (^) marker pairs that trigger quadratic-time scanning in the formatting plugin, exhausting CPU and rendering the parsing service unresponsive. No public exploit identified at time of analysis, and the flaw is not in CISA KEV; impact is limited to availability with no data exposure.

Python Denial Of Service Mistune
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Uncontrolled CPU consumption in Mistune, a Python Markdown parser, allows remote unauthenticated attackers to cause denial of service against any application that renders untrusted Markdown through versions prior to 3.3.0. The flaw lives in parse_link_text, which runs a regex search inside a loop and re-scans the remaining input each iteration, yielding roughly O(n²) behavior; a tiny payload of many consecutive '[' characters can pin a CPU core. There is no public exploit identified at time of analysis and the issue is not in CISA KEV, but the trigger is trivial to construct and the GitHub Security Advisory documents the root cause precisely.

Python Denial Of Service Mistune
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mistune Fedora
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mistune Fedora
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mistune
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy