17 matches found
CVE-2025-56589
The CVE-2025-56589 entry concerns the Apryse HTML2PDF SDK (versions through 11.6.0) with a vulnerability in InsertFromHtmlString() leading to Local File Inclusion (LFI) and Server-Side Request Forgery (SSRF). The flaws could allow an attacker to read server-local files or trigger arbitrary HTTP r...
EUVD-2019-0718
Malware in sbrugna...
CVE-2025-55150 Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...
CVE-2019-15138
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...
Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains, then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with GitHub and the Wayback Machine. Features: Super fast asynchronous...
GHSA-5P98-WPC9-G498 Server-Side Request Forgery in html-pdf-chrome
Recommendation: This package is working as intended. A Security section has been added since v0.6.1 to detail proper usage of this library. npm has revoked their advisory altogether. Original Advisory: All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery (SSRF). The package...
3a-server (>=0.7.41 <=0.9.10), 3a-server-mongo (>=0.1.0-beta.1 <=1.0.0-beta.1) +11 more potentially affected by unknown CVE via html-pdf-chrome (>=0.2.0 <=0.5.0)
html-pdf-chrome NPM version =0.2.0, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.2.0, =1.0.0, =1.1.0, =1.0.0, =0.1.0, =1.0.3, =0.0.0, =0.5.12 Source cves: unknown CVE Source advisory: OSV:GHSA-5P98-WPC9-G498...
@addo/common-api (>=1.0.0 <=1.0.9), @ahbbvc/invoice-generator (>=1.0.0 <=1.0.9) +262 more potentially affected by CVE-2019-15138 via html-pdf (>=0.1.3 <=2.2.0)
html-pdf NPM version =0.1.3, =1.0.0, =1.0.0, =1.1.1, =2.0.14, =0.0.1, =2.0.1, =1.0.0, =3.5.2, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2 and more Source cves: CVE-2019-15138 Source advisory: OSV:GHSA-X4W5-R546-X9QH...
Arbitrary File Read in html-pdf
All versions of html-pdf are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as...
GHSA-X4W5-R546-X9QH Arbitrary File Read in html-pdf
All versions of html-pdf are vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as...
Arbitrary Code Execution
html-pdf is vulnerable to arbitrary code execution. The vulnerability exists because it does not sanitize HTML input, allowing information to be exfiltrated through arbitrary XHR requests...
CVE-2019-15138
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...
CVE-2019-15138
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...
Design/Logic Flaw
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...
CVE-2019-15138
CVE-2019-15138 affects the Node.js module html-pdf (v2.2.0). The vulnerability allows an arbitrary file read by processing an HTML file that uses an XMLHttpRequest to access a file:/// URL, enabling the server to exfiltrate local files (e.g., /etc/passwd). Public references in the Connected docum...
CVE-2019-15138
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...
Arbitrary File Read
Overview: html-pdf before version 3.0.1 is vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input with an XHR request such as...