13 matches found
Astra Linux – Vulnerability in Pandoc
Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file-write vulnerability. This vulnerability could be exploited by including a...
EUVD-2023-39920
Malicious code in bioql PyPI...
Exploit for CVE-2025-51591
CVE-2025-51591 Pandoc SSRF POC A Server-Side Request Forger...
Exploit for Server-Side Request Forgery in Wkhtmltopdf
CVE-2022-35583 Pandoc SSRF POC A Server-Side Request Forgery...
Fedora 42 : pandoc (2025-07fdd73bf0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-07fdd73bf0 advisory. update MANUAL to cover threat related to user HTML iframe. Tenable has extracted the preceding description block directly from the Fedora security advisory...
RockyLinux 8 : pandoc (RLSA-2025:8427)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:8427 advisory. cmark-gfm: Quadratic complexity bugs may lead to a denial of service (CVE-2023-24824). Tenable has extracted the preceding description block directly from the...
CVE-2025-51591
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
Pandoc security vulnerability
Pandoc is a Haskell library for converting from one markup format to another, as well as command line tools that use the library. A security vulnerability exists in Pandoc version 3.6.4, which stems from server-side request forgery and could lead to an infrastructure compromise...
RHEL 8 : pandoc (RHSA-2025:8427)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8427 advisory. Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. It can read several...
The vulnerability of the Pandoc format conversion library written in Haskell allows attackers to create or rewrite any files in the system.
The vulnerability of the Pandoc format conversion library written in Haskell is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to create or overwrite arbitrary files in the system by using the --extract-media parameter or by exporting files in PDF...
SUSE CVE-2023-38745
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...
UBUNTU-CVE-2023-35936
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...
PT-2023-9554
Name of the Vulnerable Software and Affected Versions: Pandoc versions 1.13 through 3.1.4. Description: Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media...