CVE-2025-46656

LOW

python-markdownify <0.14.1 - Memory Consumption

Title source: llm

Description

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

References (2)

[Patch] https://github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1

[Exploit] https://github.com/matthewwithanm/python-markdownify/issues/143

Scores

CVSS v3 2.9

EPSS 0.0007

EPSS Percentile 21.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1284

Status published

Products (2)

matthewwithanm/markdownify < 0.14.1

pypi/markdownify 0 - 0.14.1PyPI

Published Apr 26, 2025

Tracked Since Feb 18, 2026