CVE-2026-49851 is a high-severity vulnerability in Mistune, a Python Markdown parser. Prior to version 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear behavior in the parse_link_text function. This vulnerability can be triggered by an attacker-controlled Markdown input with a small payload, leading to excessive CPU usage. The vulnerability is fixed in version 3.3.0. This issue has [truncated]
A cross-site scripting (XSS) vulnerability exists in the Mistune Python Markdown parser prior to version 3.2.1. The Image directive plugin uses a permissive regular expression (`^d+(?:.d*)?`) to validate `:width:` and `:height:` options, accepting any string that begins with digits. When a non-integer value passes this check, `render_block_image()` inserts it unescaped into a `style` attribute. An attacke [truncated]
Mistune is a Python Markdown parser with renderers and plugins. Prior to version 3.2.1, the render_toc_ul() function constructs a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserted into <a> tags via a plain Python format string without HTML escaping. When heading IDs are deri [truncated]
A cross-site scripting (XSS) vulnerability exists in Mistune, a Python Markdown parser, affecting versions 3.2.0 and earlier. The vulnerability resides in the `render_figure()` function within `src/mistune/directives/image.py`, where `figclass` and `figwidth` directive options are concatenated directly into HTML attributes without proper escaping. This bypasses the `escape=True` protection in `HTMLRendere [truncated]
CVE-2026-33079 is a ReDoS (Regular Expression Denial of Service) vulnerability in Mistune, a Python Markdown parser. The vulnerability affects versions 3.0.0a1 through 3.2.0 and allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping alternatives that can trigger catastrophic backtracking. A small crafted i [truncated]