7.8
Python-Markdown 3.8: Malformed HTML can crash applications
CVE-2025-69534
GHSA-5wmx-573v-2qwq
Summary
Using Python-Markdown 3.8 to process untrusted Markdown text can cause a crash. This means any application that uses this version to display or process user-generated text could be shut down by an attacker. Update to version 3.8.1 to fix this issue.
What to do
- Update markdown to version 3.8.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | markdown | <= 3.8.1 | 3.8.1 |
| python-markdown | markdown | 3.8 | – |
Original title
Python-Markdown has an Uncaught Exception
Original description
Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.
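A defensive wrapper for the failure mode described above, added here as an example; it is not code from the advisory or from Python-Markdown. The names `render_untrusted`, `is_affected` and `parse_version` are hypothetical, and the version check assumes the advisory's statement that 3.8 is affected and 3.8.1 is fixed.

```python
import html
import logging
from importlib import metadata

log = logging.getLogger("md_guard")

AFFECTED = (3, 8)  # per the advisory: 3.8 is affected, 3.8.1 carries the fix


def parse_version(text):
    """Turn '3.8.0' into (3, 8); trailing zeros are dropped so 3.8 == 3.8.0."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break  # stop at pre-release or local suffixes (conservative)
        parts.append(int(piece))
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version_text):
    return parse_version(version_text) == AFFECTED


def installed_markdown_is_affected():
    """True if the installed 'markdown' distribution is the affected release."""
    try:
        return is_affected(metadata.version("markdown"))
    except metadata.PackageNotFoundError:
        return False


def render_untrusted(text, renderer):
    """Render untrusted Markdown; a parser exception degrades to escaped text.

    `renderer` is any callable str -> str, e.g. markdown.markdown.
    Returns (html, ok). The exception is logged server-side only, so no
    traceback reaches the client.
    """
    try:
        return renderer(text), True
    except Exception:  # AssertionError from html.parser is an Exception subclass
        log.exception("Markdown rendering failed; serving escaped fallback")
        return "<pre>" + html.escape(text) + "</pre>", False
```

Calling `render_untrusted(user_text, markdown.markdown)` keeps a single bad document from terminating the request handler or worker, and `installed_markdown_is_affected()` can gate a startup or CI check until the upgrade to 3.8.1 is deployed.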
Vulnerability type
- CWE-248: Uncaught Exception
- CWE-400: Uncontrolled Resource Consumption
References
- https://github.com/Python-Markdown/markdown
- https://nvd.nist.gov/vuln/detail/CVE-2025-69534
- https://github.com/Python-Markdown/markdown/pull/1535
- https://github.com/advisories/GHSA-5wmx-573v-2qwq
- https://github.com/Python-Markdown/markdown/actions/runs/15736122892
- https://github.com/Python-Markdown/markdown/issues/1534
- http://www.openwall.com/lists/oss-security/2026/03/06/4
Published: 5 Mar 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026