JLSEC-2026-500
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...
JLSEC-2026-499
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...
Astra Linux - vulnerability in pandoc
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...
MiracleLinux 8 : pandoc-2.0.6-6.el8 (AXSA:2022-3835:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3835:01 advisory. cmark-gfm: possible RCE due to integer overflow (CVE-2022-24724). Tenable has extracted the preceding description block directly from the MiracleLinux security...
SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin
Summary: Siyuan is vulnerable to RCE. The issue stems from a "Zip Slip" vulnerability during zip file extraction, combined with the ability to overwrite system executables and subsequently trigger their execution. Steps to reproduce: 1. Authenticate 2. Create zip slip payload with path traversal...
GHSA-4R66-7RCV-X46X SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin
Summary: Siyuan is vulnerable to RCE. The issue stems from a "Zip Slip" vulnerability during zip file extraction, combined with the ability to overwrite system executables and subsequently trigger their execution. Steps to reproduce: 1. Authenticate 2. Create zip slip payload with path traversal...
HSEC-2023-0014 Arbitrary file write is possible when using PDF output or --extract-media with untrusted input
Arbitrary file write is possible when using PDF output or --extract-media with untrusted input. Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option ...
[SECURITY] Fedora 41 Update: pandoc-cli-3.1.11.1-34.1.fc41
Pandoc-cli provides a command-line executable that uses the pandoc library to convert between markup formats...
[SECURITY] Fedora 41 Update: pandoc-3.1.11.1-34.fc41
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include: light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags); HTML formats (HTML 4 and 5); Ebook formats (EPUB v2 and v3, FB2); ...
Fedora: Security Advisory (FEDORA-2025-ef1d49c67b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 41 : pandoc / pandoc-cli (2025-ef1d49c67b)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-ef1d49c67b advisory. pandoc-cli: - enable pandoc server semantically safe with pandoc-server-0.1.0.5 pandoc: - apply upstream patch to avoid error with ConTeXt 2365309...
EUVD-2023-39920
Malicious code in bioql PyPI...
EUVD-2025-21134
Malicious code in bioql PyPI...
Exploit for Server-Side Request Forgery in Wkhtmltopdf
CVE-2022-35583 Pandoc SSRF POC A Server-Side Request Forgery...
Exploit for CVE-2025-51591
CVE-2025-51591 Pandoc SSRF POC A Server-Side Request Forger...
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5),...
VulnCheck KEV: CVE-2025-51591
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
[SECURITY] Fedora 42 Update: pandoc-3.1.11.1-33.fc42
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include: light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags); HTML formats (HTML 4 and 5); Ebook formats (EPUB v2 and v3, FB2); ...
Fedora: Security Advisory (FEDORA-2025-07fdd73bf0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 42 : pandoc (2025-07fdd73bf0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-07fdd73bf0 advisory. Update MANUAL to cover threat related to user HTML iframe. Tenable has extracted the preceding description block directly from the Fedora security advisory...