CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added last week•6 views

Allocation of Resources Without Limits or Throttling

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the text extraction when handling form XObjects with self-references. An...

6.9CVSS5.9AI score0.00024EPSS

Exploits0References2

IBM Security Bulletins•added 2026/06/12 10:57 a.m.•6 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-42577 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fail...

9.8CVSS7AI score0.00575EPSS

Exploits5Affected Software1

IBM Security Bulletins•added 2026/06/09 3:16 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28804 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which...

6.9CVSS5.3AI score0.00399EPSS

vulnersOsv•added 2026/05/28 4:50 p.m.•5 views

5mghost-rover (>=0.0.1 <=0.0.3), ace-framework (>=0.6.0 <=0.7.3) +94 more potentially affected by CVE-2026-48155 via pypdf (>=6.0.0 <=6.11.0)

pypdf PYPI version =6.0.0, =0.0.1, =0.6.0, =0.1.0, =0.0.2, =0.1.0, =0.0.24, =1.45.0, =0.1.2, =0.0.1.dev0, =0.0.1, =0.0.2, =0.0.5 - autopattern =0.2.0 and more Source cves: CVE-2026-48155 Source advisory: SNYK:PYTHON-PYPDF-17054919...

5.5CVSS5.4AI score0.00128EPSS

Exploits0

vulnersOsv•added 2026/05/28 4:48 p.m.•5 views

5mghost-rover (>=0.0.1 <=0.0.3), ace-framework (>=0.6.0 <=0.7.3) +94 more potentially affected by CVE-2026-48735 via pypdf (>=6.0.0 <=6.11.0)

6.9CVSS5.4AI score0.00129EPSS

Exploits0

Snyk•added 2026/05/28 4:48 p.m.•7 views

Allocation of Resources Without Limits or Throttling

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parsing process. An attacker can cause excessive memory consumption b...

ATTACKERKB•added 2026/05/28 2:49 p.m.•7 views

Exploits0References2

CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

Exploits0References4Affected Software1

CNNVD•added 2026/05/28 12:0 a.m.•9 views

pypdf 安全漏洞

pypdf is an open-source, free Python library for handling PDF files. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.12.1, pypdf had a security vulnerability. This vulnerability stemmed from the parsing of large XMP metadata, which might conta...

Positive Technologies•added 2026/05/28 12:0 a.m.•7 views

PT-2026-44399

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.1 Description An attacker can craft a PDF file that causes excessive memory consumption during the parsing of large XMP metadata, which may contain numerous unnecessary elements. Recommendations Update to version...

IBM Security Bulletins•added 2026/05/18 7:32 p.m.•11 views

Exploits0References15

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27024 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to ...

6.9CVSS5.8AI score0.00168EPSS

IBM Security Bulletins•added 2026/05/13 10:58 a.m.•8 views

Security Bulletin: Vulnerability in pypdf bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage include pypdf which could cause infinite loop vulnerability. CVE-2026-24688. Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop...

5.1CVSS5.7AI score0.00374EPSS

Exploits2Affected Software2

IBM Security Bulletins•added 2026/05/07 7:14 p.m.•9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior t...

5.1CVSS5.7AI score0.00374EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2026/05/07 7:10 p.m.•7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in pypdf-6.5.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in pypdf-6.5.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-22690 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object wit...

6.9CVSS5.5AI score0.00391EPSS

IBM Security Bulletins•added 2026/04/28 7:21 p.m.•2 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28351 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which...

6.9CVSS5.2AI score0.00423EPSS

RedhatCVE•added 2026/04/25 11:9 a.m.•4 views

CVE-2026-41314

A flaw was found in pypdf, a pure-Python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file that accesses an image using /FlateDecode with large size values. This can lead to memory exhaustion, resulting in a Denial of Service DoS for the system processing th...

6.5CVSS5.4AI score0.00226EPSS

Exploits0References7

SUSE CVE•added 2026/04/24 1:28 a.m.•4 views

SUSE CVE-2026-41314

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. This has been fixed in pypdf 6.10.2...

4.8CVSS5.6AI score0.00226EPSS

Tenable Nessus•added 2026/04/23 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to...

6.5CVSS5.7AI score0.00226EPSS