Look up vulnerable packages by Package URL.
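
The response for `pkg:pypi/justhtml@0.5.2` below illustrates a trap in package-level lookups: the `fixed_packages` entry for one vulnerability can itself be `is_vulnerable: true` for others (1.12.0 and 1.13.0 are "fixes" that still carry several VCIDs), so the upgrade target should come from `latest_non_vulnerable_version`, not from the first fix listed. The following is an added example of a client-side triage routine; it is not VulnerableCode's own code. The `?purl=` filter on `/api/packages` and the paginated `results` key are assumptions about the API, and `SAMPLE_RESPONSE` is a constructed, trimmed copy of the record shown on this page.

```python
"""Triage a VulnerableCode package record looked up by Package URL (added example)."""
import json
import urllib.parse
import urllib.request

# Constructed sample mirroring the page: the fix for VCID-seu1-1kkh-kkas (1.13.0)
# is itself affected by VCID-1nnk-vww8-vyh7, whose fix (1.18.0) is clean.
SAMPLE_RESPONSE = {
    "purl": "pkg:pypi/justhtml@0.5.2",
    "is_vulnerable": True,
    "next_non_vulnerable_version": "1.18.0",
    "latest_non_vulnerable_version": "1.18.0",
    "affected_by_vulnerabilities": [
        {
            "vulnerability_id": "VCID-seu1-1kkh-kkas",
            "aliases": ["GHSA-5vp3-3cg6-2rq3"],
            "references": [{"scores": [
                {"value": "7.1", "scoring_system": "cvssv4",
                 "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}]}],
            "fixed_packages": [
                {"purl": "pkg:pypi/justhtml@1.13.0", "is_vulnerable": True,
                 "affected_by_vulnerabilities": [{"vulnerability": "VCID-1nnk-vww8-vyh7"}]}],
        },
        {
            "vulnerability_id": "VCID-1nnk-vww8-vyh7",
            "aliases": ["GHSA-r8cj-3554-33mr"],
            "references": [{"scores": [
                {"value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": ""}]}],
            "fixed_packages": [
                {"purl": "pkg:pypi/justhtml@1.18.0", "is_vulnerable": False,
                 "affected_by_vulnerabilities": []}],
        },
    ],
}


def lookup_by_purl(purl, base_url="http://public2.vulnerablecode.io"):
    """Fetch one package record over the network. Not exercised offline.
    Assumption: /api/packages accepts a ?purl= filter and returns a paginated
    list whose first element under "results" is the matching package."""
    url = f"{base_url}/api/packages?purl={urllib.parse.quote(purl, safe='')}"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)["results"][0]


def cvss_numeric(vuln):
    """Highest numeric CVSS score attached to any reference, or None.
    Qualitative systems (cvssv3.1_qr, generic_textual) carry words, not numbers."""
    best = None
    for ref in vuln.get("references", []):
        for score in ref.get("scores", []):
            if not score.get("scoring_system", "").startswith("cvss"):
                continue
            try:
                value = float(score["value"])
            except (KeyError, ValueError):
                continue
            best = value if best is None else max(best, value)
    return best


def triage(record):
    """Summarize what affects the package and which listed fixes are actually clean."""
    vulns = record.get("affected_by_vulnerabilities", [])
    safe_fixes, tainted_fixes = set(), {}
    for vuln in vulns:
        for fixed in vuln.get("fixed_packages", []):
            version = fixed["purl"].rsplit("@", 1)[1]
            if fixed.get("is_vulnerable"):
                # "Fixed" for this VCID but still affected by others: not an upgrade target.
                tainted_fixes[version] = sorted(
                    v["vulnerability"] for v in fixed.get("affected_by_vulnerabilities", []))
            else:
                safe_fixes.add(version)
    return {
        "purl": record["purl"],
        "vulnerable": bool(record.get("is_vulnerable")),
        "vulnerability_ids": sorted(v["vulnerability_id"] for v in vulns),
        "aliases": sorted(a for v in vulns for a in v.get("aliases", [])),
        "max_cvss": max((s for s in map(cvss_numeric, vulns) if s is not None), default=None),
        "safe_fix_versions": sorted(safe_fixes),
        "tainted_fix_versions": tainted_fixes,
        # The database's own non-vulnerable version is the upgrade target.
        "upgrade_to": record.get("latest_non_vulnerable_version"),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_RESPONSE), indent=2))
```

Feeding a real record from `lookup_by_purl(...)` into `triage` works the same way; the point of `tainted_fix_versions` is to surface fixes that a naive "first fixed version" policy would wrongly pin.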

GET /api/packages/986054?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/986054?format=api",
    "purl": "pkg:pypi/justhtml@0.5.2",
    "type": "pypi",
    "namespace": "",
    "name": "justhtml",
    "version": "0.5.2",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "1.18.0",
    "latest_non_vulnerable_version": "1.18.0",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92119?format=api",
            "vulnerability_id": "VCID-1nnk-vww8-vyh7",
            "summary": "justhtml introduces denial-of-service hardening\n## Summary\n\n`justhtml` `1.18.0` fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification.\n\nThese issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves.\n\n## Affected versions\n\n- `justhtml` `< 1.18.0`\n\n## Fixed version\n\n- `justhtml` `1.18.0` released on May 4, 2026\n\n## Impact\n\n### CSS selector handling\n\nApplications that evaluate attacker-controlled selector strings, or that run selector-based transform pipelines over attacker-controlled documents, could consume disproportionate CPU or memory.\n\nThe affected selector patterns included oversized selectors, large selector lists, oversized compound selectors, long combinator chains, deeply nested functional pseudo-classes such as `:not(...)`, repeated attribute/class token matching over large values, repeated sibling or ancestor scans, repeated positional pseudo-class work, and `:contains(...)` over large descendant text.\n\nProgrammatically constructed malformed DOM graphs could also trigger non-terminating or duplicate traversal in some selector paths, including cyclic/shared child graphs, cyclic parent chains, and cyclic text traversal for `:contains(...)`.\n\n### Linkification\n\nAttacker-controlled text containing punctuation-heavy input or URL candidates ending in long runs of unmatched closing brackets could cause repeated rescanning and consume disproportionate CPU when linkification was enabled.\n\n## Default configuration\n\nOrdinary sanitization of parsed HTML with the default `JustHTML(..., sanitize=True)` configuration is not expected to expose untrusted users to selector injection, because selectors are normally supplied by application code.\n\nThe main risk areas are:\n\n- applications that accept selector strings from untrusted users and pass them to `query(...)`, `matches(...)`, or selector-based transforms\n- custom transform or sanitization pipelines that run selector matching over very large untrusted documents\n- applications that construct or mutate DOM trees programmatically from untrusted structure\n- applications that enable `Linkify(...)` over attacker-controlled text\n\n## Fixes in 1.18.0\n\n`1.18.0` adds generalized selector resource controls and removes several repeated-work hot paths:\n\n- shared selector limits for parse and match operations\n- structural caps for selector length, selector lists, compound selectors, complex selectors, and parse depth\n- match-operation and string-byte budgets\n- per-query matcher state for caches and cycle guards\n- precomputed or cached ancestor, sibling, positional, attribute-token, text-content, `:not(...)`, `:empty`, and `:nth-child(...)` work\n- consistent enforcement across public parsing, `query(...)`, tag-only query fast paths, transform selector compilation, and sanitization transform matching\n- linkification hardening for punctuation-heavy inputs and trailing bracket trimming\n\n## CWE mapping\n\n- CWE-400: Uncontrolled Resource Consumption\n- CWE-407: Inefficient Algorithmic Complexity\n- CWE-835: Loop with Unreachable Exit Condition\n\n## Recommended action\n\nUpgrade to `justhtml` `1.18.0`.\n\nIf users cannot upgrade immediately:\n\n- do not pass untrusted selector strings to `query(...)`, `matches(...)`, or selector-based transforms\n- restrict the size of untrusted documents before selector matching or linkification\n- avoid constructing programmatic DOM graphs from untrusted structure\n- avoid enabling `Linkify(...)` on very large attacker-controlled text\n\n## Credit\n\nDiscovered during an internal security review of `justhtml`.",
            "references": [
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-r8cj-3554-33mr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-r8cj-3554-33mr"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-r8cj-3554-33mr",
                    "reference_id": "GHSA-r8cj-3554-33mr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-r8cj-3554-33mr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114695?format=api",
                    "purl": "pkg:pypi/justhtml@1.18.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@1.18.0"
                }
            ],
            "aliases": [
                "GHSA-r8cj-3554-33mr"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nnk-vww8-vyh7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91434?format=api",
            "vulnerability_id": "VCID-82ee-j3d7-uucn",
            "summary": "JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script)\n## Summary\n\nSanitized DOM trees can be unsafe to serialize when a custom policy allows raw-text elements such as `<style>` or `<script>`.\n\nThe issue affects DOM trees that are constructed or modified programmatically and then passed through `sanitize_dom()` with a policy that keeps these elements. Text nodes inside `<style>` and `<script>` are serialized literally, so attacker-controlled text containing the matching closing tag sequence can break out of the raw-text context and inject HTML into the serialized output.\n\nThe default sanitization policy is not affected because it drops the contents of `style` and `script`.\n\n## Details\n\nThe root cause is in HTML serialization of raw-text elements. In serialize.py, text children of `script` and `style` are emitted verbatim:\n\n```python\n_LITERAL_TEXT_SERIALIZATION_ELEMENTS = frozenset({\"script\", \"style\"})\n\ndef _serialize_text_for_parent(text: str | None, parent_name: str | None) -> str:\n    if not text:\n        return \"\"\n    if parent_name in _LITERAL_TEXT_SERIALIZATION_ELEMENTS:\n        return text\n    return _escape_text(text)",
            "references": [
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-qvc2-mg72-jjhx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-qvc2-mg72-jjhx"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qvc2-mg72-jjhx",
                    "reference_id": "GHSA-qvc2-mg72-jjhx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qvc2-mg72-jjhx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/113060?format=api",
                    "purl": "pkg:pypi/justhtml@1.12.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1nnk-vww8-vyh7"
                        },
                        {
                            "vulnerability": "VCID-cdux-h8qv-bqan"
                        },
                        {
                            "vulnerability": "VCID-seu1-1kkh-kkas"
                        },
                        {
                            "vulnerability": "VCID-sfgz-pcf7-1ka4"
                        },
                        {
                            "vulnerability": "VCID-xbwj-dann-yudk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@1.12.0"
                }
            ],
            "aliases": [
                "GHSA-qvc2-mg72-jjhx"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82ee-j3d7-uucn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89043?format=api",
            "vulnerability_id": "VCID-cdux-h8qv-bqan",
            "summary": "Multiple security fixes in justhtml\n## Summary\n\n`justhtml` `1.16.0` fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.\n\nMost of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings:\n\n- programmatic DOM input to `sanitize()` or `sanitize_dom()`\n- reused or mutated sanitization policy objects\n- custom policies that preserve foreign namespaces such as SVG or MathML\n\n## Affected versions\n\n- `justhtml` `<= 1.15.0`\n\n## Fixed version\n\n- `justhtml` `1.16.0` released on April 12, 2026\n\n## Impact\n\n### Policy reuse and mutation\nNested mutation of sanitization policy internals could weaken later sanitization by leaving stale compiled sanitizers active, or by mutating exported default policy internals process-wide.\n\n### In-memory sanitization gaps\nProgrammatic DOM sanitization could miss dangerous mixed-case tag names such as `ScRiPt` or `StYlE`, and custom `drop_content_tags` values such as `{\"SCRIPT\"}` could silently fail to drop dangerous subtrees.\n\n### Serialization injection\nCrafted programmatic doctype names could serialize into active markup before the document body.\n\n### Foreign-namespace policy bypasses\nCustom policies that preserve SVG or MathML could allow active SVG features to survive sanitization, including:\n\n- animation elements such as `<set>` and `<animate>` that mutate already-sanitized attributes after sanitization\n- presentation attributes such as `fill`, `clip-path`, `mask`, `marker-start`, and `cursor` containing external `url(...)` references\n- programmatic DOM trees that claim `namespace=\"html\"` but serialize as `<svg>` or `<math>`, bypassing foreign-content checks\n\n### Rawtext hardening gap\nMixed-case programmatic `style` or `script` nodes could bypass rawtext hardening and preserve active stylesheet content such as remote `@import` rules.\n\n## Default configuration\n\nMost of these issues did **not** affect the normal `JustHTML(..., sanitize=True)` path for ordinary parsed HTML.\n\nThe main exceptions were policy-mutation issues, which could weaken later sanitization if code mutated nested state on reused policy objects or exported defaults.\n\n## Recommended action\n\nUpgrade to `justhtml` `1.16.0`.\n\nIf you cannot upgrade immediately:\n\n- do not mutate `DEFAULT_POLICY`, `DEFAULT_DOCUMENT_POLICY`, or nested policy internals\n- avoid reusing policy objects after mutating nested state\n- avoid preserving SVG or MathML for untrusted input\n- avoid preserving `style` or `script` in custom policies for untrusted input\n- avoid serializing untrusted programmatic doctypes or DOM trees\n\n## Credit\n\nDiscovered during an internal security review of `justhtml`.",
            "references": [
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "1.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-4p64-v8f5-r2gx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "1.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-4p64-v8f5-r2gx"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4p64-v8f5-r2gx",
                    "reference_id": "GHSA-4p64-v8f5-r2gx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-4p64-v8f5-r2gx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109956?format=api",
                    "purl": "pkg:pypi/justhtml@1.16.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1nnk-vww8-vyh7"
                        },
                        {
                            "vulnerability": "VCID-sfgz-pcf7-1ka4"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@1.16.0"
                }
            ],
            "aliases": [
                "GHSA-4p64-v8f5-r2gx"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdux-h8qv-bqan"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91033?format=api",
            "vulnerability_id": "VCID-mbkb-5x56-u7ej",
            "summary": "JustHTML has a Sanitizer Bypass (in Markdown)\n## Summary\n\n`to_markdown()` does not sufficiently escape text content that looks like HTML. As a result, untrusted input that is safe in `to_html()` can become raw HTML in Markdown output.\n\nThis is not specific to tokenizer raw-text states like `<title>`, `<noscript>`, or `<plaintext>`, although those states can trigger the behavior. The root cause is broader: Markdown text serialization leaves angle brackets unescaped in text nodes.\n\n## Details\n\nWhen converting a parsed document to Markdown, text nodes are escaped for a small set of Markdown metacharacters, but HTML-significant characters such as `<` and `>` are preserved. That means content parsed as text, including entity-decoded text or text produced by RCDATA/RAWTEXT-style parsing, can be emitted into Markdown as raw HTML.\n\nExamples of affected input include:\n\n- Text produced from entity-decoded input such as `&lt;script&gt;...&lt;/script&gt;`\n- Text inside elements like `<title>`, `<textarea>`, `<noscript>` (when parsed as raw text), and `<plaintext>`\n\nThis is distinct from actual `<script>` or `<style>` elements in the DOM. Those are already dropped by default in `to_markdown()` unless `html_passthrough=True`.\n\n## Proof of Concept\n\n### General case\n\n```python\nfrom justhtml import JustHTML\n\ndoc = JustHTML(\"<p>&lt;img src=x onerror=alert(1)&gt;</p>\", fragment=True)\n\nprint(doc.to_html())\nprint()\nprint(doc.to_markdown())",
            "references": [
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-3rcm-vjrc-p45j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-3rcm-vjrc-p45j"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3rcm-vjrc-p45j",
                    "reference_id": "GHSA-3rcm-vjrc-p45j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3rcm-vjrc-p45j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/113060?format=api",
                    "purl": "pkg:pypi/justhtml@1.12.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1nnk-vww8-vyh7"
                        },
                        {
                            "vulnerability": "VCID-cdux-h8qv-bqan"
                        },
                        {
                            "vulnerability": "VCID-seu1-1kkh-kkas"
                        },
                        {
                            "vulnerability": "VCID-sfgz-pcf7-1ka4"
                        },
                        {
                            "vulnerability": "VCID-xbwj-dann-yudk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@1.12.0"
                }
            ],
            "aliases": [
                "GHSA-3rcm-vjrc-p45j"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbkb-5x56-u7ej"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90869?format=api",
            "vulnerability_id": "VCID-seu1-1kkh-kkas",
            "summary": "JustHTML is vulnerable to XSS via code fence breakout in <pre> content\n## Summary\n\n`to_markdown()` is vulnerable when serializing attacker-controlled `<pre>` content. The `<pre>` handler emits a fixed three-backtick fenced code block, but writes decoded text content into that fence without choosing a delimiter longer than any backtick run inside the content.\n\nAn attacker can place backticks and HTML-like text inside a sanitized `<pre>` element so that the generated Markdown closes the fence early and leaves raw HTML outside the code block. When that Markdown is rendered by a CommonMark/GFM-style renderer that allows raw HTML, the HTML executes.\n\nThis is a bypass of the v1.12.0 Markdown hardening. That fix escaped HTML-significant characters for regular text nodes, but `<pre>` uses a separate serialization path and does not apply the same protection.\n\n## Details\n\nThe vulnerable `<pre>` Markdown path:\n\n- extracts decoded text from the `<pre>` subtree\n- opens a fenced block with a fixed delimiter of ``````\n- writes the decoded text directly into the output\n- closes with another fixed ``````\n\nBecause the fence length is fixed, attacker-controlled content containing a backtick run of length 3 or more can terminate the code block. If the content also contains decoded HTML-like text such as `&lt;img ...&gt;`, that text appears outside the fence in the resulting Markdown and is treated as raw HTML by downstream Markdown renderers.\n\nThe issue is not that HTML-like text appears inside code blocks. The issue is that the serializer allows attacker-controlled `<pre>` text to break out of the fixed fence.\n\n## Reproduction\n\n```python\nfrom justhtml import JustHTML\n\npayload = \"<pre>&#96;&#96;&#96;\\n&lt;img src=x onerror=alert(1)&gt;</pre>\"\ndoc = JustHTML(payload, fragment=True)  # default sanitize=True\n\nprint(doc.to_html(pretty=False))\n# <pre>```\n# &lt;img src=x onerror=alert(1)&gt;</pre>\n\nprint(doc.to_markdown())\n# ```\n# ```\n# <img src=x onerror=alert(1)>\n# ```\n\n```\n\nRendered as CommonMark/GFM-style Markdown, that output is interpreted as:\n\n1. Line 1 opens a fenced code block\n2. Line 2 closes it\n3. Line 3 is raw HTML outside the fence\n4. Line 4 opens a new fence\n\n## Impact\n\nApplications that treat `JustHTML(..., sanitize=True).to_markdown()` output as safe for direct rendering in Markdown contexts may be exposed to XSS, depending on the downstream Markdown renderer's raw-HTML handling.\n\n## Root Cause\n\nThe `<pre>` Markdown serializer uses a fixed fence instead of selecting a delimiter longer than the longest backtick run in the content.\n\n## Fix\n\nWhen serializing `<pre>` content to Markdown, choose a fence length longer than any backtick run present in the code block content, with a minimum length of 3.",
            "references": [
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/commit/f35f8f723c713bd8f912d86e9ec6881275ff5af9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/commit/f35f8f723c713bd8f912d86e9ec6881275ff5af9"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/releases/tag/v1.13.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/releases/tag/v1.13.0"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-5vp3-3cg6-2rq3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-5vp3-3cg6-2rq3"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5vp3-3cg6-2rq3",
                    "reference_id": "GHSA-5vp3-3cg6-2rq3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5vp3-3cg6-2rq3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112763?format=api",
                    "purl": "pkg:pypi/justhtml@1.13.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1nnk-vww8-vyh7"
                        },
                        {
                            "vulnerability": "VCID-cdux-h8qv-bqan"
                        },
                        {
                            "vulnerability": "VCID-ju6h-jvfq-yfb6"
                        },
                        {
                            "vulnerability": "VCID-sfgz-pcf7-1ka4"
                        },
                        {
                            "vulnerability": "VCID-xbwj-dann-yudk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@1.13.0"
                }
            ],
            "aliases": [
                "GHSA-5vp3-3cg6-2rq3"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-seu1-1kkh-kkas"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89355?format=api",
            "vulnerability_id": "VCID-sfgz-pcf7-1ka4",
            "summary": "justhtml has sanitization bypass in custom policies and programmatic DOM\n## Summary\n\n`justhtml` `1.17.0` fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.\n\nMost of these issues affected advanced or custom configurations rather than the default safe path.\n\n## Affected versions\n\n- `justhtml` `<= 1.16.0`\n\n## Fixed version\n\n- `justhtml` `1.17.0` released on April 19, 2026\n\n## Impact\n\n### Custom SVG / MathML sanitization policies\nCustom policies that preserved foreign namespaces could allow dangerous content to survive sanitization, including:\n\n- active HTML integration points such as SVG `<foreignObject>`, MathML `<annotation-xml encoding=\"text/html\">`, SVG `<title>` / `<desc>`, and MathML text integration points\n- mutation-XSS parser-differential payloads that looked inert in memory but became active HTML after reparse\n- SVG `filter=\"url(...)\"` attributes that could trigger external fetches\n\nThese issues affected:\n- `JustHTML(..., sanitize=True)` with custom foreign-namespace policies\n- `sanitize()` / `sanitize_dom()`\n- low-level terminal `Sanitize(...)` transform execution\n\n### Preserved `<style>` handling\nConstructor-time sanitization and explicit `Sanitize(...)` transforms did not fully match `sanitize()` / `sanitize_dom()` when custom policies preserved `<style>`.\n\nThat could leave resource-loading CSS such as `@import` or `background-image:url(...)` in sanitized output from HTML string input.\n\n### Programmatic DOM serialization\nProgrammatic `script`, `style`, and `Comment(...)` nodes could still serialize into active markup in some edge cases.\n\nThis could affect applications that build or mutate DOM trees directly before calling `to_html()` or `to_markdown(html_passthrough=True)`.\n\n### Cache mutation and DOM cycle handling\nTwo lower-severity hardening fixes were included:\n\n- compiled sanitize-pipeline caches could be mutated after warming and weaken later sanitization\n- parent/child cycles in programmatic DOM trees could cause infinite loops in operations such as `to_html()` and `sanitize_dom()`\n\n## Default configuration\n\nMost of the issues above did **not** affect ordinary parsed HTML with the default `JustHTML(..., sanitize=True)` configuration.\n\nThe main risk areas were:\n\n- custom policies that preserve SVG or MathML\n- custom policies that preserve `<style>`\n- programmatic DOM construction or mutation\n- low-level direct sanitizer/transform APIs\n\n## Recommended action\n\nUpgrade to `justhtml` `1.17.0`.\n\nIf users cannot upgrade immediately:\n\n- avoid preserving SVG or MathML for untrusted input\n- avoid preserving `<style>` for untrusted input\n- avoid mutating programmatic DOM trees with untrusted `script`, `style`, or comment content\n- avoid mutating warmed policy internals or sanitizer caches\n\n## Credit\n\nDiscovered during an internal security review of `justhtml`.",
            "references": [
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-vrx2-77f2-ww34",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-vrx2-77f2-ww34"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vrx2-77f2-ww34",
                    "reference_id": "GHSA-vrx2-77f2-ww34",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vrx2-77f2-ww34"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110488?format=api",
                    "purl": "pkg:pypi/justhtml@1.17.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1nnk-vww8-vyh7"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@1.17.0"
                }
            ],
            "aliases": [
                "GHSA-vrx2-77f2-ww34"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfgz-pcf7-1ka4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91762?format=api",
            "vulnerability_id": "VCID-wpb8-14qx-r7b1",
            "summary": "Uncontrolled recursion DoS in JustHTML() via deeply nested HTML\n### Summary\n\njusthtml through 1.9.1 allows denial of service via deeply nested HTML. During parsing, `JustHTML.__init__()` always reaches `TreeBuilder.finish()`, which unconditionally calls `_populate_selectedcontent()`. That function recursively traverses the DOM via `_find_elements()` / `_find_element()` without a depth bound, allowing attacker-controlled deeply nested input to trigger an unhandled `RecursionError` on CPython. Depending on the host application's exception handling, this can abort parsing, fail requests, or terminate a worker/process.\n\n### Details\n\n`TreeBuilder.finish()` ([`treebuilder.py#L476`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/treebuilder.py#L476)) unconditionally calls `_populate_selectedcontent(self.document)` at [line 494](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/treebuilder.py#L494). `_populate_selectedcontent()` ([`treebuilder.py#L1243`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/treebuilder.py#L1243)) calls `_find_elements()` ([`treebuilder.py#L1280`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/treebuilder.py#L1280)) to recursively search the DOM tree for `<select>` elements:\n\n```python\ndef _find_elements(self, node: Any, name: str, result: list[Any]) -> None:\n    \"\"\"Recursively find all elements with given name.\"\"\"\n    if node.name == name:\n        result.append(node)\n    if node.has_child_nodes():\n        for child in node.children:\n            self._find_elements(child, name, result)  # recursive call\n```\n\nWhen the DOM tree depth exceeds CPython's default recursion limit (1000), this raises an unhandled `RecursionError`. The full call path is:\n\n`JustHTML(html)` → `tokenizer.run()` → `tree_builder.finish()` → `_populate_selectedcontent(document)` → `_find_elements(root, \"select\", selects)` (recursive)\n\nDeeply nested DOM trees can be produced by nesting `<div>` tags ~1000 levels deep. On CPython with the default recursion limit, approximately 11 KB of `<div>` nesting is sufficient to trigger the error. The exact depth threshold is environment-dependent (CPython version, recursion limit setting, call stack depth at invocation).\n\nAdditional recursive functions are affected on already-parsed deep trees:\n- `Node.clone_node(deep=True)` ([`node.py#L523`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/node.py#L523)) — called during sanitization\n- `_node_to_html()` ([`serialize.py#L580`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/serialize.py#L580)) — used by `to_html(pretty=True)`\n- `_to_markdown_walk()` ([`node.py#L817`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/node.py#L817)) — used by `to_markdown()`\n\nNote: the library already uses iterative traversal in several comparable functions (e.g., `_node_to_html_compact` at [`serialize.py#L197`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/serialize.py#L197), `_to_text_collect` at [`node.py#L161`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/node.py#L161), `_is_blocky_element` at [`serialize.py#L405`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/serialize.py#L405), `apply_to_children` at [`transforms.py#L1642`](https://github.com/EmilStenstrom/justhtml/blob/a866b6077770d9ec4cb6b6f9bfe7c918f98455e4/src/justhtml/transforms.py#L1642)), demonstrating the correct pattern.\n\n### PoC\n\n```python\nfrom justhtml import JustHTML\n\nhtml = \"<div>\" * 1000 + \"x\" + \"</div>\" * 1000\ndoc = JustHTML(html)  # raises RecursionError\n```\n\nTest environment: CPython 3.14.3, macOS ARM64 (Apple Silicon), justhtml 1.9.1, default recursion limit (1000)\n\n| Input | Size | Result |\n|-------|------|--------|\n| `<div>` × 500 | 5,501 bytes | OK |\n| `<div>` × 800 | 8,801 bytes | OK |\n| `<div>` × 1000 | 11,001 bytes | RecursionError |\n\nThe error occurs with both `sanitize=True` (default) and `sanitize=False`.\n\n### Impact\n\nAn attacker who can supply HTML for parsing can trigger an unhandled `RecursionError` during `JustHTML()` construction. The error is triggered during construction and is not avoided by `justhtml` configuration alone; mitigating it requires host-application exception handling or input constraints. Depending on the host application's exception handling, this can abort parsing, fail requests, or terminate a worker/process.\n\n### Suggested Fix\n\nConvert the recursive tree traversal functions to iterative implementations using an explicit stack. Example for `_find_elements`:\n\n```python\ndef _find_elements(self, node: Any, name: str, result: list[Any]) -> None:\n    stack = [node]\n    while stack:\n        current = stack.pop()\n        if current.name == name:\n            result.append(current)\n        if current.has_child_nodes():\n            stack.extend(reversed(current.children))\n```\n\nThe same conversion should be applied to `_find_element`, `clone_node(deep=True)`, `_node_to_html()`, and `_to_markdown_walk()`.",
            "references": [
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/releases/tag/v1.10.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/releases/tag/v1.10.0"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-v7cf-c9rm-wm3j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-v7cf-c9rm-wm3j"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v7cf-c9rm-wm3j",
                    "reference_id": "GHSA-v7cf-c9rm-wm3j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-v7cf-c9rm-wm3j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114094?format=api",
                    "purl": "pkg:pypi/justhtml@1.10.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1nnk-vww8-vyh7"
                        },
                        {
                            "vulnerability": "VCID-82ee-j3d7-uucn"
                        },
                        {
                            "vulnerability": "VCID-cdux-h8qv-bqan"
                        },
                        {
                            "vulnerability": "VCID-mbkb-5x56-u7ej"
                        },
                        {
                            "vulnerability": "VCID-seu1-1kkh-kkas"
                        },
                        {
                            "vulnerability": "VCID-sfgz-pcf7-1ka4"
                        },
                        {
                            "vulnerability": "VCID-xbwj-dann-yudk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@1.10.0"
                }
            ],
            "aliases": [
                "GHSA-v7cf-c9rm-wm3j"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpb8-14qx-r7b1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90350?format=api",
            "vulnerability_id": "VCID-xbwj-dann-yudk",
            "summary": "justhtml includes multiple security fixes\n## Summary\n\n`justhtml` `1.15.0` includes multiple security fixes affecting URL sanitization helpers, HTML serialization, Markdown passthrough, and several custom sanitization-policy edge cases.\n\nThese issues have different impact levels and do not all affect the default configuration in the same way.\n\n## Affected versions\n\n- `justhtml` `<= 1.14.0`\n\n## Fixed version\n\n- `justhtml` `1.15.0` released on April 9, 2026\n\n## Impact overview\n\n### Helper and serialization issues\nThese issues could affect applications using JustHTML helpers or programmatic DOM construction, even outside the default HTML sanitization path.\n\n- `JustHTML.clean_url_value(...)` and `clean_url_in_js_string(...)` could accept URL values such as `javascript&#58...`, which became active `javascript:` URLs after HTML attribute parsing.\n- URL sanitization could treat values like `\\\\evil.example/x` or `/\\\\evil.example/x` as safe relative URLs even though browsers could resolve them as remote requests.\n- Malformed bracketed hosts such as `https://[evil.example]/x` could raise exceptions and crash sanitization when host allowlists were used.\n- Programmatic element or attribute names containing markup-breaking characters could be serialized into active HTML.\n- Programmatic HTML comments containing `-->` could break out of the comment and inject live markup.\n\n### Markdown passthrough issue\n- `to_markdown(html_passthrough=True)` could reintroduce active HTML from sanitized `<textarea>` content by emitting a raw closing `</textarea>` sequence.\n\n### Custom policy issues\nThese issues affected custom policies more than the default safe configuration.\n\n- `a[ping]` was handled as a single URL even though browsers interpret it as a space-separated URL list.\n- `attributionsrc` was not treated as URL-bearing and could preserve attacker-controlled reporting endpoints.\n- `link[imagesrcset]` was not treated as URL-bearing and could preserve attacker-controlled image candidates.\n- Preserved `<meta http-equiv=\"refresh\">` tags could keep redirect targets without URL-policy enforcement.\n- Preserved `<base href>` tags could rewrite how later relative URLs resolved in the browser.\n- Preserved `<style>` blocks could keep resource-loading CSS such as `@import`, `url(...)`, or `image-set(...)`.\n- Mixed-case attribute names in custom transform pipelines could bypass or confuse security-related transforms such as `DropAttrs(...)`, `DropUrlAttrs(...)`, `AllowStyleAttrs(...)`, and `MergeAttrs(...)`.\n\n## Default configuration\n\nMost of the custom-policy issues above did **not** affect the default `JustHTML(..., sanitize=True)` behavior.\n\nThe main exceptions were:\n- helper APIs such as `clean_url_value(...)`\n- programmatic DOM / serializer usage\n- applications explicitly using `html_passthrough=True`\n- applications using custom policies or custom transform pipelines\n\n## Recommended action\n\nUpgrade to `justhtml` `1.15.0`.\n\nIf you cannot upgrade immediately:\n\n- avoid `html_passthrough=True` for untrusted content\n- avoid preserving `<style>`, `<meta http-equiv=\"refresh\">`, and `<base href>` in custom policies\n- avoid allowing `ping`, `attributionsrc`, or `imagesrcset` unless you explicitly validate them\n- avoid serializing untrusted programmatic node names, attribute names, or comment data",
            "references": [
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/compare/v1.14.0...v1.15.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/compare/v1.14.0...v1.15.0"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/releases/tag/v1.15.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/releases/tag/v1.15.0"
                },
                {
                    "reference_url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-c9vm-hv86-f23r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-c9vm-hv86-f23r"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c9vm-hv86-f23r",
                    "reference_id": "GHSA-c9vm-hv86-f23r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-c9vm-hv86-f23r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/111655?format=api",
                    "purl": "pkg:pypi/justhtml@1.15.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1nnk-vww8-vyh7"
                        },
                        {
                            "vulnerability": "VCID-cdux-h8qv-bqan"
                        },
                        {
                            "vulnerability": "VCID-sfgz-pcf7-1ka4"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@1.15.0"
                }
            ],
            "aliases": [
                "GHSA-c9vm-hv86-f23r"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbwj-dann-yudk"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.0",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/justhtml@0.5.2"
}