Medium severity6.5OSV Advisory· Published Sep 29, 2025· Updated Apr 15, 2026
CVE-2025-59940
CVE-2025-59940
Description
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mkdocs-include-markdown-pluginPyPI | < 7.1.8 | 7.1.8 |
Affected products
2- Range: v1.0.0, v2.0.0, v2.1.0, …
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-v39m-5m9j-m9w9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-59940ghsaADVISORY
- github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915nvdWEB
- github.com/mondeja/mkdocs-include-markdown-plugin/issues/274nvdWEB
- github.com/mondeja/mkdocs-include-markdown-plugin/pull/277nvdWEB
- github.com/mondeja/mkdocs-include-markdown-plugin/security/advisories/GHSA-v39m-5m9j-m9w9nvdWEB
News mentions
0No linked articles in our index yet.