Explore top 10 tips to secure your open-source projects now. Read More
×
This update for python-mistune fixes the following issues
- CVE-2026-59922: quadratic-time parsing on long runs of some markers in `formatting.py` can lead to DoS (bsc#1271117).
- CVE-2026-59923: `HTMLRenderer.safe_url()` does not block percent-encoded javascript URIs and allows for XSS
(bsc#1271119).
- CVE-2026-59924: improper processing of user-supplied include paths in `Include.parse()` can lead to path traversal
and arbitrary file reads (bsc#1271121).
- CVE-2026-59925: quadratic-time parsing on long runs of some emphasis pairs in `inline_parser` can lead to DoS
(bsc#1271125).
- CVE-2026-59926: improper escaping in `render_admonition()` can lead to atribute injection and XSS (bsc#1271127).
- CVE-2026-59927: uncontrolled recursion when processing two markdown files that include each other can lead to a DoS
(bsc#1271128).
- CVE-2026-59928: quadratic-time parsing on long lists of repeated reference-link definitions in `block_parser` can
lead to DoS (bsc#1271131).
-...
Read the Full Advisory- openSUSE Leap 16.0:
python313-mistune-3.1.3-160000.5.1
* bsc#1271082
* bsc#1271117
* bsc#1271119
* bsc#1271121
* bsc#1271125
* bsc#1271127
* bsc#1271128
* bsc#1271131
* bsc#1271132
References:
* https://www.suse.com/security/cve/CVE-2026-44896.html
* https://www.suse.com/security/cve/CVE-2026-59922.html
* https://www.suse.com/security/cve/CVE-2026-59923.html
* https://www.suse.com/security/cve/CVE-2026-59924.html
* https://www.suse.com/security/cve/CVE-2026-59925.html
* https://www.suse.com/security/cve/CVE-2026-59926.html
* https://www.suse.com/security/cve/CVE-2026-59927.html
* https://www.suse.com/security/cve/CVE-2026-59928.html
* https://www.suse.com/security/cve/CVE-2026-59929.html
* https://www.suse.com/security/cve/CVE-2026-59930.html
Get the latest Linux and open source security news straight to your inbox.