VulnerableCode Package Details - pkg:deb/debian/mistune@3.1.4-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3p1d-tfde-6khg	Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.	CVE-2017-16876 GHSA-98gj-wwxm-cj3h PYSEC-2017-18
VCID-84bg-nq2n-n3ey	mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.	CVE-2017-15612 GHSA-hpv5-v8g5-c864 PYSEC-2017-80
VCID-qb4z-jzem-myee	In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.	CVE-2022-34749 GHSA-fw3v-x4f2-v673 PYSEC-2022-237

Vulnerability

Summary

Aliases

VCID-3p1d-tfde-6khg

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.

CVE-2017-16876
GHSA-98gj-wwxm-cj3h
PYSEC-2017-18

VCID-84bg-nq2n-n3ey

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.

CVE-2017-15612
GHSA-hpv5-v8g5-c864
PYSEC-2017-80

VCID-qb4z-jzem-myee

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

CVE-2022-34749
GHSA-fw3v-x4f2-v673
PYSEC-2022-237

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:24:25.493814+00:00	Debian Importer	Fixing	VCID-3p1d-tfde-6khg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:16:33.074926+00:00	Debian Importer	Fixing	VCID-84bg-nq2n-n3ey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:29:30.222955+00:00	Debian Importer	Fixing	VCID-3p1d-tfde-6khg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:11:57.577248+00:00	Debian Importer	Fixing	VCID-84bg-nq2n-n3ey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:46:01.469808+00:00	Debian Importer	Fixing	VCID-qb4z-jzem-myee	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:01.419218+00:00	Debian Importer	Fixing	VCID-3p1d-tfde-6khg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:01.375358+00:00	Debian Importer	Fixing	VCID-84bg-nq2n-n3ey	https://security-tracker.debian.org/tracker/data/json	38.1.0