Advisories for Pypi/Markdown2 package

2021
2020

Cross-site Scripting

python-markdown2 allows XSS because element names are mishandled unless a \w+ match succeeds, i.e. an element name that does not fully match \w+ is not handled safely. For example, an attack might use elementname@ or elementname- with an onclick attribute.

2018

Cross-site Scripting

An issue was discovered in markdown. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered by omitting the final > character from an IMG tag.