Mistune Project Mistune — known CVE vulnerabilities
Every CVE whose affected-product data names Mistune Project Mistune, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-34749 — CVSS 7.5 (high): In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of…
CVE-2017-16876 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject…
CVE-2026-44708 — CVSS 6.1 (medium): Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and…
CVE-2026-44896 — CVSS 6.1 (medium): Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the…
CVE-2026-44897 — CVSS 6.1 (medium): Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by…
CVE-2026-44898 — CVSS 6.1 (medium): Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a…
CVE-2017-15612 — CVSS 6.1 (medium): mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the…
CVE-2026-44899 — CVSS 4.7 (medium): Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and…