Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

CVE-2026-41653

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

EUVD-2026-28404

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

CVE-2026-41653

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

BentoPDF 跨站脚本漏洞

BentoPDF is a privacy-oriented client PDF processing tool developed by Alam. Versions of BentoPDF prior to 2.8.3 contained a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing attackers to execute arbitrary JavaScript within the Markdown to PDF tool...

PT-2026-38546

Name of the Vulnerable Software and Affected Versions BentoPDF versions prior to 2.8.3 Description BentoPDF is a self-hostable client-side PDF toolkit. A cross-site scripting issue exists in the Markdown to PDF Tool, which allows an attacker to execute arbitrary JavaScript under certain...

CVE-2026-27625

Stirling-PDF (local web app) is affected in all versions prior to 2.5.2. The vulnerability resides in the /api/v1/convert/markdown/pdf endpoint, where user-supplied ZIP entries are extracted without path checks, enabling path traversal and arbitrary file write by any authenticated user (stirlingp...

CVE-2026-27625 Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

CVE-2026-27625 Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

EUVD-2026-13638

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

PT-2026-26592

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

Arbitrary Code Injection

md-to-pdf is vulnerable to Arbitrary Code Injection. The vulnerability is due to a Markdown front-matter block that contains JavaScript delimiter, where the JS engine in gray-matter library executes arbitrary code in the Markdown to PDF converter process of md-to-pdf library, and attackers can...

CVE-2025-65108

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

EUVD-2025-198317

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

CVE-2025-65108

CVE-2025-65108 affects the md-to-pdf CLI (Markdown to PDF) where parsing front matter with a JavaScript delimiter can trigger the gray-matter JS engine to execute arbitrary code during the conversion process, enabling remote code execution. This vulnerability exists in versions prior to 5.2.5 and...

CVE-2025-65108 md-to-pdf is vulnerable to arbitrary JavaScript code execution when parsing front matter

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

Markdown To Pdf 代码注入漏洞

Markdown To Pdf is a simple and crackable Cli tool from the individual developer Simon Hanisch in Germany. Used to convert Markdown to pdf. A code injection vulnerability exists in Markdown To Pdf versions prior to 5.2.5, which stems from improper handling of Markdown front-end blocks and could...

@bitacode/apispecmd-ts (>=0.0.1 <=0.1.2), @bpa-solutions/assistant (>=13.5.0 <=13.5.0-dev) +15 more potentially affected by CVE-2025-65108 via md-to-pdf (>=2.8.2 <=5.2.4)

md-to-pdf NPM version =2.8.2, =0.0.1, =13.5.0, =0.0.0, =0.0.2, =0.0.2, =0.7.2, =1.0.1, =0.2.0, =0.1.0, =1.1.0, =0.2.0, =1.5.0, =1.10.0, =2.0.0 and more Source cves: CVE-2025-65108 Source advisory: OSV:GHSA-547R-QMJM-8HVW...

md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter

Summary A Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. Details md-to-pdf uses the gray-matter library to parse...

PT-2025-47654

Name of the Vulnerable Software and Affected Versions md-to-pdf versions prior to 5.2.5 Description md-to-pdf is a command-line interface CLI tool used for converting Markdown files to PDF format, utilizing Node.js and a headless Chrome browser. A flaw exists in the way the tool handles Markdown...