Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/python-bleach@6.2.0-1?distro=trixie
purl pkg:deb/debian/python-bleach@6.2.0-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-7ae6-tssy-h7h4 An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized. CVE-2018-7753
GHSA-m9mq-p2f9-cfqv
PYSEC-2018-51
VCID-92h1-h2vh-xyb6 In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. CVE-2020-6802
GHSA-q65m-pv3f-wr5r
PYSEC-2020-27
VCID-cthk-b1bv-xfbk In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. CVE-2020-6816
GHSA-m6xf-fq7q-8743
PYSEC-2020-28
VCID-kxh2-721e-tyh2 In Mozilla Bleach before 3.1.4, `bleach.clean` behavior parsing style attributes could result in a regular expression denial of service (ReDoS). CVE-2020-6817
GHSA-vqhp-cxgc-6wmm
GMS-2020-698
PYSEC-2020-340
SNYK-PYTHON-BLEACH-561754
VCID-mqaz-y2xw-sya2 In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False. CVE-2021-23980
GHSA-vv2x-vrpj-qqpq
GMS-2021-168
PYSEC-2021-865

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:17:44.944413+00:00 Debian Importer Fixing VCID-92h1-h2vh-xyb6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:52:24.440988+00:00 Debian Importer Fixing VCID-mqaz-y2xw-sya2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:27:21.629802+00:00 Debian Importer Fixing VCID-cthk-b1bv-xfbk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:46:51.937178+00:00 Debian Importer Fixing VCID-kxh2-721e-tyh2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:38:15.497603+00:00 Debian Importer Fixing VCID-7ae6-tssy-h7h4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:24:32.302043+00:00 Debian Importer Fixing VCID-92h1-h2vh-xyb6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:21:55.750976+00:00 Debian Importer Fixing VCID-mqaz-y2xw-sya2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:03:16.266754+00:00 Debian Importer Fixing VCID-cthk-b1bv-xfbk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:31:56.403282+00:00 Debian Importer Fixing VCID-kxh2-721e-tyh2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:48:27.556242+00:00 Debian Importer Fixing VCID-7ae6-tssy-h7h4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:50:37.541046+00:00 Debian Importer Fixing VCID-mqaz-y2xw-sya2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:50:37.500166+00:00 Debian Importer Fixing VCID-kxh2-721e-tyh2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:50:37.449807+00:00 Debian Importer Fixing VCID-cthk-b1bv-xfbk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:50:37.398970+00:00 Debian Importer Fixing VCID-92h1-h2vh-xyb6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:50:37.349169+00:00 Debian Importer Fixing VCID-7ae6-tssy-h7h4 https://security-tracker.debian.org/tracker/data/json 38.1.0