GHSA-R3XG-RG9J-67FV Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...

PT-2026-46105

Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...

PT-2026-46120

Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...

CVE-2026-25962

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

CVE-2026-25962

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

PT-2026-5679

Name of the Vulnerable Software and Affected Versions pip affected versions not specified Description A crafted wheel archive during installation and extraction by pip may allow files to be extracted outside the intended installation directory. This path traversal is limited to prefixes of the...