Advisories for Pypi/Mistune package

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the key argument.

mistune.py allows XSS via an unexpected newline or a crafted email address, related to the escape and autolink functions.