Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-59929

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:, and res: to reach rendered href and src attributes and potentially execute script in affected user agents. This issue is fixed in version 3.3.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 9.7%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2026-59929


Contact Us

Shodan ® - All rights reserved