What is CVE-2025-46656?

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption.

How severe is CVE-2025-46656?

CVE-2025-46656 has a CVSS v3 score of 2.9 (LOW).

CVE-2025-46656

Name: markdownify
Author: matthewwithanm

2.9LOW

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

Published: 4/26/2025Updated: 10/16/2025

View on NVD View on MITRE

Description

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

AI AnalysisPowered by AI

Affected Products

matthewwithanmmarkdownify

References

https://github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1
Patch
https://github.com/matthewwithanm/python-markdownify/issues/143
Exploit
https://github.com/matthewwithanm/python-markdownify/issues/143
Exploit