CVE-2025-46656: markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.
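A defensive pre-check for services that pass untrusted HTML to markdownify, written for this page as an added example and not taken from the python-markdownify project: it flags heading-like tags outside <h1> through <h6> before conversion and tests a release string against the fixed version 0.14.1. The names `oversized_headings`, `is_vulnerable` and `installed_markdownify_vulnerable` and the sample inputs are this example's own assumptions.

```python
import re
from html.parser import HTMLParser
from importlib import metadata

FIXED = (0, 14, 1)                      # first fixed release, per the advisory
HEADING = re.compile(r"h(\d+)\Z")       # h followed only by digits
STANDARD = {"1", "2", "3", "4", "5", "6"}


class HeadingAudit(HTMLParser):
    """Collect heading-like tags whose level is not one of h1..h6."""

    def __init__(self):
        super().__init__()
        self.oversized = []             # (tag, line, column) per finding

    def handle_starttag(self, tag, attrs):
        m = HEADING.match(tag)          # html.parser lowercases tag names
        # Compare the digits as text: int() on a very long digit run can
        # itself fail or be slow, so the level is never converted.
        if m and m.group(1) not in STANDARD:
            self.oversized.append((tag, *self.getpos()))


def oversized_headings(html):
    """Return non-standard heading tags found in an HTML string."""
    audit = HeadingAudit()
    audit.feed(html)
    audit.close()
    return audit.oversized


def is_vulnerable(version):
    """True when a release string such as '0.14.0' sorts before 0.14.1.
    Simplification: pre-release suffixes (rc, dev) are ignored."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED


def installed_markdownify_vulnerable():
    """None if markdownify is not installed, otherwise True or False."""
    try:
        return is_vulnerable(metadata.version("markdownify"))
    except metadata.PackageNotFoundError:
        return None
```

Rejecting or stripping flagged input is a stopgap for deployments that cannot upgrade yet; upgrading to 0.14.1 or later is the fix the advisory names.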
References
- github.com/advisories/GHSA-7mpr-5m44-h73r
- github.com/matthewwithanm/python-markdownify
- github.com/matthewwithanm/python-markdownify/commit/959561879693bf4a576f99c6733b50b01186aa08
- github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1
- github.com/matthewwithanm/python-markdownify/issues/143
- nvd.nist.gov/vuln/detail/CVE-2025-46656