If you discover a security vulnerability, do not submit a public issue or patch. Instead, please report it privately through the GitHub Security tab.
Security: lepture/mistune
Security
.github/SECURITY.md
-
Arbitrary Local File Read via Include DirectiveGHSA-jhcm-5rpf-j3wv published
Jun 21, 2026 by leptureModerate -
XSS via percent-encoded javascript URI bypass in safe_url()GHSA-8c25-4j27-2rv3 published
Jun 21, 2026 by leptureModerate -
ReDoS in LINK_TITLE_RE allows denial of service via crafted Markdown inputGHSA-8mp2-v27r-99xp published
May 6, 2026 by leptureHigh -
Arbitrary File Read via Include directive path traversalGHSA-r4rv-85jg-w4mf published
Jun 21, 2026 by leptureModerate -
Denial-of-Service (DoS) vulnerabilityGHSA-hjph-f4mc-wx4c published
May 6, 2026 by leptureHigh -
XSS via unescaped class option in Admonition directiveGHSA-g97x-gvcm-x72h published
Jun 21, 2026 by leptureModerate -
XSS via unescaped figclass/figwidth in Figure directiveGHSA-58cw-g322-p94v published
May 6, 2026 by leptureModerate -
Path Traversal and XSS in Include directiveGHSA-h7ww-273w-6cm8 published
Jun 21, 2026 by leptureHigh
Learn more about advisories related to lepture/mistune in the GitHub Advisory Database