
47 matches found

Github Security Blog
added yesterday, 7 views

Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

AI score: 5.8
Exploits: 0, References: 3, Affected software: 1
OSV
added yesterday, 1 view

GHSA-JMMV-H3MP-59V8 Docling Core: Unsafe remote filename resolution

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

CVSS: 8.6, AI score: 5.8
Exploits: 0, References: 3
Github Security Blog
added yesterday, 6 views

Docling Core: Insufficient validation of image reference URIs

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

AI score: 5.8
Exploits: 0, References: 3, Affected software: 1
Positive Technologies
added yesterday, 2 views

PT-2026-46123

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

CVSS: 8.6, AI score: 5.8
Exploits: 0, References: 4
Positive Technologies
added 2 days ago, 4 views

PT-2026-45850

Name of the Vulnerable Software and Affected Versions docling-core versions 2.5.0 through 2.74.0 Description Insufficient input sanitization when processing specific documents allows for path traversal, enabling remote attackers to read arbitrary files from the host server. The software allows...

CVSS: 8.1, AI score: 5.9
Exploits: 0, References: 5
Cvelist
added 2026/05/14 4:56 p.m., 27 views

CVE-2026-44520 Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler

Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the...

CVSS: 5.7, EPSS: 0.00029
Exploits: 0, References: 1
CNNVD
added 2026/05/14 12:00 a.m., 3 views

Docling Graph Input Validation Error Vulnerability

Docling Graph is a structured data processing tool developed by the Docling Project, which converts document content into knowledge graphs. Versions of Docling Graph prior to 1.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation...

CVSS: 5.7, AI score: 5.8, EPSS: 0.00029
Exploits: 0, References: 1
RedhatCVE
added 2026/05/12 8:21 p.m., 5 views

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks through 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 1
RedhatCVE
added 2026/05/12 8:21 p.m., 5 views

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks through 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00067
Exploits: 0, References: 1
vulnersOsv
added 2026/05/11 6:31 p.m., 5 views

data-prep-toolkit-transforms (>=0.2.1 <=0.2.1.dev3), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +15 more potentially affected by CVE-2026-31248 via docling (>=1.11.0 <=2.55.0)

docling PYPI version =1.11.0, =0.2.1, =0.2.1.dev0, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =0.3.1, =0.10.0, =0.2.1, =0.0.1, =0.4.1 and more Source cves: CVE-2026-31248 Source advisory: OSV:GHSA-9F4Q-Q82Q-4359...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00067
Exploits: 0
OSV
added 2026/05/11 6:31 p.m., 4 views

GHSA-9F4Q-Q82Q-4359 Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks through 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00067
Exploits: 0, References: 3
EUVD
added 2026/05/11 6:31 p.m., 4 views

EUVD-2026-29055

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks through 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 3
vulnersOsv
added 2026/05/11 6:31 p.m., 5 views

data-prep-toolkit-transforms (>=0.2.1 <=0.2.1.dev3), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +15 more potentially affected by CVE-2026-31247 via docling (>=1.11.0 <=2.55.0)

docling PYPI version =1.11.0, =0.2.1, =0.2.1.dev0, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =0.3.1, =0.10.0, =0.2.1, =0.0.1, =0.4.1 and more Source cves: CVE-2026-31247 Source advisory: OSV:GHSA-CR42-RG2M-MQ4Q...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00052
Exploits: 0
OSV
added 2026/05/11 6:31 p.m., 3 views

GHSA-CR42-RG2M-MQ4Q Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks through 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 3
Snyk
added 2026/05/11 6:31 p.m., 5 views

Allocation of Resources Without Limits or Throttling

Overview docling is an SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 2
Snyk
added 2026/05/11 5:19 p.m., 6 views

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview docling is an SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00067
Exploits: 0, References: 2
NVD
added 2026/05/11 5:16 p.m., 7 views

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks through 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

CVSS: 7.5, EPSS: 0.00067
Exploits: 0, References: 2
NVD
added 2026/05/11 4:17 p.m., 7 views

CVE-2026-31247

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks through 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

CVSS: 7.5, EPSS: 0.00052
Exploits: 0, References: 2
Positive Technologies
added 2026/05/11 12:00 a.m., 5 views

PT-2026-39617

Docling's JATS XML backend is vulnerable to XML Entity Expansion XXE attacks through 2.61.0. The backend uses etree.parse to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload XML Bomb. When processed by Doclin...

AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 3
CVE
added 2026/05/11 12:00 a.m., 6 views

CVE-2026-31247

Docling’s JATS XML backend (up to version 2.61.0) is vulnerable to XML Entity Expansion (XXE). The backend uses etree.parse() without disabling entity resolution, allowing an attacker to submit a crafted XML with nested entity expansions (XML Bomb). Processing such payloads causes exponential ent...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 2