Package details: pkg:deb/debian/mistune@0.8.4-4?distro=trixie
purl: pkg:deb/debian/mistune@0.8.4-4?distro=trixie
Next non-vulnerable version: 2.0.3-1
Latest non-vulnerable version: 3.1.4-1
Risk: 4.0
Vulnerabilities affecting this package (1)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-qb4z-jzem-myee (Aliases: CVE-2022-34749, GHSA-fw3v-x4f2-v673, PYSEC-2022-237) | In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | 2.0.3-1, 2.0.4-1, 3.1.3-1, 3.1.4-1 (each affected by 0 other vulnerabilities) |
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-3p1d-tfde-6khg | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | CVE-2017-16876, GHSA-98gj-wwxm-cj3h, PYSEC-2017-18 |
| VCID-84bg-nq2n-n3ey | mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | CVE-2017-15612, GHSA-hpv5-v8g5-c864, PYSEC-2017-80 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-16T12:24:25.478253+00:00 | Debian Importer | Fixing | VCID-3p1d-tfde-6khg | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:16:33.026252+00:00 | Debian Importer | Fixing | VCID-84bg-nq2n-n3ey | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T08:29:30.206919+00:00 | Debian Importer | Fixing | VCID-3p1d-tfde-6khg | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:11:57.556825+00:00 | Debian Importer | Fixing | VCID-84bg-nq2n-n3ey | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:46:01.442788+00:00 | Debian Importer | Affected by | VCID-qb4z-jzem-myee | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:46:01.412409+00:00 | Debian Importer | Fixing | VCID-3p1d-tfde-6khg | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:46:01.366297+00:00 | Debian Importer | Fixing | VCID-84bg-nq2n-n3ey | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |