18 matches found

RedhatCVE
added yesterday | 5 views

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source (e.g., via a supply chain or Man-in-the-Middle (MITM) attack), they could write...

CVSS 8.3 | AI score 6.3 | EPSS 0.00407
Exploits 0 | References 5

vulnersOsv
added 2026/06/03 9:15 p.m. | 5 views

askbase (>=1.0.0 <=1.0.2), auto-survey (>=0.1.0 <=0.2.4) +26 more potentially affected by CVE-2026-47214 via docling (>=2.10.0 <=2.93.0)

docling PYPI version =2.10.0, =1.0.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =4.0.2 - mellea =0.0.1 and more Source cves: CVE-2026-47214 Source advisory: SNYK:PYTHON-DOCLING-17151773...

AI score 5.5 | EPSS 0.00041
Exploits 0

vulnersOsv
added 2026/06/03 9:15 p.m. | 5 views

askbase (>=1.0.0 <=1.0.2), auto-survey (>=0.1.0 <=0.2.4) +30 more potentially affected by CVE-2026-47214 via docling (>=1.11.0 <=2.93.0)

docling PYPI version =1.11.0, =1.0.0, =0.1.0, =0.2.1, =0.2.1.dev0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =1.0.13 and more Source cves: CVE-2026-47214 Source advisory: OSV:GHSA-Q29V-XC37-WH5M...

AI score 5.5 | EPSS 0.00041
Exploits 0

Snyk
added 2026/06/03 9:15 p.m. | 7 views

External Control of File Name or Path

Overview: docling is an SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to External Control of File Name or Path in backend/htmlbackend.py, which ...

CVSS 6.9 | AI score 5.5 | EPSS 0.00041
Exploits 0 | References 2

vulnersOsv
added 2026/06/03 9:14 p.m. | 5 views

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44022 via docling (>=2.73.1 <=2.90.0)

docling PYPI version =2.73.1, =0.1.0, =0.30.1, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44022 Source advisory: OSV:GHSA-2J5P-7P5M-CVQR...

AI score 5.5 | EPSS 0.00148
Exploits 0

vulnersOsv
added 2026/06/03 9:14 p.m. | 7 views

haiku-rag (>=0.19.2 <=0.33.0), iatoolkit (>=1.40.0 <=1.42.0) +18 more potentially affected by CVE-2026-44020 via docling (>=2.17.0 <=2.73.1)

docling PYPI version =2.17.0, =0.19.2, =1.40.0, =0.1.0, =0.2.1, =0.6.1, =0.4.0, =1.0.0, =0.1.29, =0.3.1, =0.10.0, =0.2.1, =0.2.6 and more Source cves: CVE-2026-44020 Source advisory: SNYK:PYTHON-DOCLING-17151850...

AI score 5.5 | EPSS 0.00283
Exploits 0

vulnersOsv
added 2026/06/03 9:13 p.m. | 5 views

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +12 more potentially affected by CVE-2026-44018 via docling (>=2.51.0 <=2.90.0)

docling PYPI version =2.51.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.3.0, =1.0.0, =1.6.2, =1.6.2, =0.0.1, =0.0.2 Source cves: CVE-2026-44018 Source advisory: SNYK:PYTHON-DOCLING-17151841...

AI score 5.5 | EPSS 0.00015
Exploits 0

vulnersOsv
added 2026/06/03 9:13 p.m. | 5 views

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +12 more potentially affected by CVE-2026-44018 via docling (>=2.51.0 <=2.90.0)

docling PYPI version =2.51.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.3.0, =1.0.0, =1.6.2, =1.6.2, =0.0.1, =0.0.2 Source cves: CVE-2026-44018 Source advisory: OSV:GHSA-R3XG-RG9J-67FV...

AI score 5.5 | EPSS 0.00015
Exploits 0

Snyk
added 2026/06/03 9:13 p.m. | 7 views

XML External Entity Injection

Overview: docling is an SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML External Entity Injection in the METS-GBS backend's XML parsing and...

CVSS 6.9 | AI score 5.5 | EPSS 0.00015
Exploits 0 | References 4

vulnersOsv
added 2026/06/03 9:9 p.m. | 5 views

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44016 via docling (>=2.87.0 <=2.90.0)

docling PYPI version =2.87.0, =0.1.0, =0.40.0, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44016 Source advisory: SNYK:PYTHON-DOCLING-17151857...

AI score 5.5 | EPSS 0.0031
Exploits 0

vulnersOsv
added 2026/06/03 9:9 p.m. | 5 views

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44016 via docling (>=2.87.0 <=2.90.0)

docling PYPI version =2.87.0, =0.1.0, =0.40.0, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44016 Source advisory: OSV:GHSA-PJ2V-GGQH-CMQ2...

AI score 5.5 | EPSS 0.0031
Exploits 0

vulnersOsv
added 2026/06/03 8:2 p.m. | 6 views

auto-survey (>=0.1.0 <=0.2.4), data-prep-toolkit-transforms (>=0.2.1 <=0.2.1.dev3) +29 more potentially affected by CVE-2026-44017 via docling (>=1.11.0 <=2.90.0)

docling PYPI version =1.11.0, =0.1.0, =0.2.1, =0.2.1.dev0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =1.0.13 - llama-index-readers-docling =0.1.0 and more Source cves: CVE-2026-44017 Source advisory: OSV:GHSA-CJQG-RQ2H-2FVJ...

AI score 5.5 | EPSS 0.00407
Exploits 0

vulnersOsv
added 2026/06/03 8:2 p.m. | 5 views

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +25 more potentially affected by CVE-2026-44017 via docling (>=2.10.0 <=2.90.0)

docling PYPI version =2.10.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =4.0.2 - mellea =0.0.1 - obsidian-vault-rag =0.1.0 and more Source cves: CVE-2026-44017 Source advisory: SNYK:PYTHON-DOCLING-17151751...

AI score 5.5 | EPSS 0.00407
Exploits 0

Snyk
added 2026/06/03 8:2 p.m. | 7 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: docling is an SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in easyocrmodel.py...

CVSS 7.7 | AI score 6.1 | EPSS 0.00407
Exploits 0 | References 2

vulnersOsv
added 2026/05/11 6:31 p.m. | 13 views

data-prep-toolkit-transforms (>=0.2.1 <=0.2.1.dev3), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +16 more potentially affected by CVE-2026-31248 via docling (>=1.11.0 <=2.55.0)

docling PYPI version =1.11.0, =0.2.1, =0.2.1.dev0, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =0.1.29, =0.3.1, =0.10.0, =0.2.1, =0.2.6 and more Source cves: CVE-2026-31248 Source advisory: OSV:GHSA-9F4Q-Q82Q-4359...

CVSS 7.5 | AI score 5.4 | EPSS 0.00278
Exploits 0

vulnersOsv
added 2026/05/11 6:31 p.m. | 4 views

haiku-rag (>=0.19.2 <=0.33.0), iatoolkit (>=1.40.0 <=1.42.0) +19 more potentially affected by CVE-2026-31247 via docling (>=2.10.0 <=2.73.1)

docling PYPI version =2.10.0, =0.19.2, =1.40.0, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =1.0.0, =0.1.29, =0.3.1, =0.10.0, =0.11.2 and more Source cves: CVE-2026-31247 Source advisory: SNYK:PYTHON-DOCLING-16757962...

CVSS 7.5 | AI score 5.4 | EPSS 0.00351
Exploits 0

vulnersOsv
added 2026/05/11 6:31 p.m. | 8 views

data-prep-toolkit-transforms (>=0.2.1 <=0.2.1.dev3), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +16 more potentially affected by CVE-2026-31247 via docling (>=1.11.0 <=2.55.0)

docling PYPI version =1.11.0, =0.2.1, =0.2.1.dev0, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =0.1.29, =0.3.1, =0.10.0, =0.2.1, =0.2.6 and more Source cves: CVE-2026-31247 Source advisory: OSV:GHSA-CR42-RG2M-MQ4Q...

CVSS 7.5 | AI score 5.4 | EPSS 0.00351
Exploits 0

vulnersOsv
added 2026/05/11 5:19 p.m. | 5 views

auto-survey (>=0.1.0 <=0.2.4), data-prep-toolkit-transforms (>=0.2.1 <=0.2.1.dev3) +29 more potentially affected by CVE-2026-31248 via docling (>=1.11.0 <=2.90.0)

docling PYPI version =1.11.0, =0.1.0, =0.2.1, =0.2.1.dev0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =1.0.13 - llama-index-readers-docling =0.1.0 and more Source cves: CVE-2026-31248 Source advisory: SNYK:PYTHON-DOCLING-16757932...

CVSS 7.5 | AI score 5.4 | EPSS 0.00278
Exploits 0