— 0.0 PyPI
GHSA-8rfp-98v4-mmr6 Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output
Modified: 6/16/2026
package
PyPI / bleach
pkg:pypi/bleach
MEDIUM 4.3 PyPI
GHSA-g75f-g53v-794x Bleach linkify(parse_email=True) CPU exhaustion via unbounded email regex scanning
Modified: 6/16/2026
MEDIUM 6.1 PyPI
GHSA-gj48-438w-jh9v Bleach clean() / Cleaner() fails to sanitize dangerous URI schemes in allowed formaction attributes
Modified: 6/16/2026
MEDIUM 6.1 PyPI
GHSA-m6xf-fq7q-8743 · CVE-2020-6816, PYSEC-2020-28 Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag
Modified: 3/13/2026
CRITICAL 9.8 PyPI
GHSA-m9mq-p2f9-cfqv · CVE-2018-7753, PYSEC-2018-51 Bleach URI Scheme Restriction Bypass
Modified: 2/16/2025
MEDIUM 6.1 PyPI
GHSA-q65m-pv3f-wr5r · CVE-2020-6802, PYSEC-2020-27 XSS in Bleach when noscript and raw tag whitelisted
Modified: 3/13/2026
HIGH 7.5 PyPI
GHSA-vqhp-cxgc-6wmm · CVE-2020-6817, PYSEC-2020-340 regular expression denial-of-service (ReDoS) in Bleach
Modified: 3/13/2026
MEDIUM 6.1 PyPI
GHSA-vv2x-vrpj-qqpq · CVE-2021-23980, PYSEC-2021-865 Cross-site scripting in Bleach
Modified: 3/13/2026
— PyPI
PYSEC-2018-51 · CVE-2018-7753, GHSA-m9mq-p2f9-cfqv Modified: 11/8/2023
— PyPI
PYSEC-2020-27 · CVE-2020-6802, GHSA-q65m-pv3f-wr5r Modified: 11/8/2023
— PyPI
PYSEC-2020-28 · CVE-2020-6816, GHSA-m6xf-fq7q-8743 Modified: 11/8/2023
— PyPI
PYSEC-2020-340 · CVE-2020-6817, GHSA-vqhp-cxgc-6wmm Modified: 11/8/2023
— PyPI
PYSEC-2021-865 · CVE-2021-23980, GHSA-vv2x-vrpj-qqpq Modified: 11/8/2023