Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/mistune@0.7.2
purl pkg:pypi/mistune@0.7.2
Next non-vulnerable version 0.8.1
Latest non-vulnerable version 2.0.3
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-3p1d-tfde-6khg
Aliases:
CVE-2017-16876
GHSA-98gj-wwxm-cj3h
PYSEC-2017-18
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
0.8.1
Affected by 0 other vulnerabilities.
VCID-84bg-nq2n-n3ey
Aliases:
CVE-2017-15612
GHSA-hpv5-v8g5-c864
PYSEC-2017-80
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
0.8
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-01T14:56:29.131615+00:00 GHSA Importer Affected by VCID-84bg-nq2n-n3ey https://github.com/advisories/GHSA-hpv5-v8g5-c864 38.6.0
2026-05-01T14:16:19.623935+00:00 GHSA Importer Affected by VCID-3p1d-tfde-6khg https://github.com/advisories/GHSA-98gj-wwxm-cj3h 38.6.0
2026-04-29T19:27:38.973791+00:00 GitLab Importer Affected by VCID-3p1d-tfde-6khg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mistune/CVE-2017-16876.yml 38.5.0
2026-04-16T20:50:59.421212+00:00 GitLab Importer Affected by VCID-3p1d-tfde-6khg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mistune/CVE-2017-16876.yml 38.4.0
2026-04-16T02:17:43.913743+00:00 GHSA Importer Affected by VCID-84bg-nq2n-n3ey https://github.com/advisories/GHSA-hpv5-v8g5-c864 38.4.0
2026-04-16T01:26:25.054356+00:00 GHSA Importer Affected by VCID-3p1d-tfde-6khg https://github.com/advisories/GHSA-98gj-wwxm-cj3h 38.4.0
2026-04-11T22:01:41.881786+00:00 GitLab Importer Affected by VCID-3p1d-tfde-6khg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mistune/CVE-2017-16876.yml 38.3.0
2026-04-11T13:42:31.738222+00:00 GHSA Importer Affected by VCID-84bg-nq2n-n3ey https://github.com/advisories/GHSA-hpv5-v8g5-c864 38.3.0
2026-04-11T12:55:44.018152+00:00 GHSA Importer Affected by VCID-3p1d-tfde-6khg https://github.com/advisories/GHSA-98gj-wwxm-cj3h 38.3.0
2026-04-02T22:14:42.991715+00:00 GitLab Importer Affected by VCID-3p1d-tfde-6khg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mistune/CVE-2017-16876.yml 38.1.0
2026-04-02T14:31:09.842477+00:00 GHSA Importer Affected by VCID-84bg-nq2n-n3ey https://github.com/advisories/GHSA-hpv5-v8g5-c864 38.1.0
2026-04-02T13:48:14.138102+00:00 GHSA Importer Affected by VCID-3p1d-tfde-6khg https://github.com/advisories/GHSA-98gj-wwxm-cj3h 38.1.0
2026-04-01T16:32:14.761233+00:00 GitLab Importer Affected by VCID-3p1d-tfde-6khg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mistune/CVE-2017-16876.yml 38.0.0
2026-04-01T15:00:07.835041+00:00 PyPI Importer Affected by VCID-3p1d-tfde-6khg https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:00:02.538304+00:00 PyPI Importer Affected by VCID-84bg-nq2n-n3ey https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T12:41:38.948159+00:00 Pypa Importer Affected by VCID-3p1d-tfde-6khg https://github.com/pypa/advisory-database/blob/main/vulns/mistune/PYSEC-2017-18.yaml 38.0.0
2026-04-01T12:41:36.200749+00:00 Pypa Importer Affected by VCID-84bg-nq2n-n3ey https://github.com/pypa/advisory-database/blob/main/vulns/mistune/PYSEC-2017-80.yaml 38.0.0