
31 matches found

RedhatCVE
added 2026/04/01 11:0 p.m. · 5 views

CVE-2026-34366

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

CVSS 8.1 · AI score 5.8 · EPSS 0.00245
Exploits 1 · References 1
ATTACKERKB
added 2026/03/31 7:44 p.m. · 3 views

CVE-2026-34365

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

CVSS 7.6 · AI score 5.8 · EPSS 0.00245
Exploits 1 · References 3 · Affected Software 1
RedhatCVE
added 2026/01/09 10:45 a.m. · 4 views

CVE-2022-0085

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 · AI score 6.8 · EPSS 0.00846
Exploits 1 · References 1
RedhatCVE
added 2026/01/09 9:29 a.m. · 3 views

CVE-2023-50262

Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or...

CVSS 7.5 · AI score 6.7 · EPSS 0.01463
Exploits 1 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-4917

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 7.8 · EPSS 0.01337
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-4444

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 7.8 · EPSS 0.01628
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-3197

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.0143
Exploits 1 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-0628

Malicious code in bioql PyPI...

CVSS 10 · AI score 9.1 · EPSS 0.0249
Exploits 3 · References 4
RedhatCVE
added 2025/05/23 1:55 a.m. · 6 views

CVE-2023-24813

Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...

CVSS 10 · AI score 7.3 · EPSS 0.0249
Exploits 3 · References 1
RedhatCVE
added 2025/05/23 1:5 a.m. · 4 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8 · AI score 7.5 · EPSS 0.82438
Exploits 8 · References 1
RedhatCVE
added 2025/05/22 9:29 p.m. · 6 views

CVE-2021-3902

An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...

CVSS 9.8 · AI score 6.8 · EPSS 0.00924
Exploits 1
RedhatCVE
added 2025/05/22 6:9 p.m. · 6 views

CVE-2021-3838

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...

CVSS 9.8 · AI score 7.6 · EPSS 0.0143
Exploits 1
RedhatCVE
added 2025/05/22 1:34 a.m. · 7 views

CVE-2014-5012

DOMPDF before 0.6.2 allows denial of service...

CVSS 6.5 · AI score 6.7 · EPSS 0.01337
Exploits 0 · References 1
OSV
added 2024/11/15 11:15 a.m. · 3 views

DEBIAN-CVE-2021-3838

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...

CVSS 9.8 · AI score 9.2 · EPSS 0.0143
Exploits 1 · References 1
OSV
added 2023/08/08 2:10 p.m. · 4 views

USN-6277-1 php-dompdf vulnerabilities

It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2014-5011,...

CVSS 9.8 · AI score 7.4 · EPSS 0.04556
Exploits 2 · References 6
BDU FSTEC
added 2023/02/10 12:0 a.m. · 3 views

The vulnerability of the PHP library for generating PDF documents from HTML markup and CSS styles, Dompdf, arises due to a possible interpretation conflict. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the PHP library for generating PDF documents from HTML markup and CSS styles, Dompdf, is related to the occurrence of interpretation conflicts. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.0249
Exploits 3 · References 4 · Affected Software 1
OSV
added 2023/02/07 7:15 p.m. · 2 views

DEBIAN-CVE-2023-24813

Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...

CVSS 9.8 · AI score 9 · EPSS 0.0249
Exploits 3 · References 1
Positive Technologies
added 2023/02/07 12:0 a.m. · 3 views

PT-2023-1353 · Dompdf +2

Name of the Vulnerable Software and Affected Versions: Dompdf versions prior to 2.0.3 Description: The issue arises from the difference in attribute parsing between Dompdf and php-svg-lib, allowing an attacker to call arbitrary URLs with arbitrary protocols. Dompdf respects the xlink:href attribu...

CVSS 10 · AI score 9.5 · EPSS 0.0249
Exploits 3 · References 10
OSV
added 2022/07/18 3:15 p.m. · 0 views

UBUNTU-CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 · AI score 6.8 · EPSS 0.00913
Exploits 1 · References 6
Positive Technologies
added 2022/07/18 12:0 a.m. · 2 views

PT-2022-16401

Name of the Vulnerable Software and Affected Versions: dompdf versions prior to 2.0.0 Description: The issue concerns a chroot check bypass that could lead to the disclosure of png and jpeg files. It allows for external control of file name or path in the GitHub repository dompdf/dompdf...

CVSS 9.8 · AI score 8 · EPSS 0.04556
Exploits 2 · References 35