CVE-2025-1022

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

EUVD-2025-0240

Malicious code in bioql PyPI...

CVE-2025-1022

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

PT-2025-4134 · Spatie · Spatie/Browsershot

Name of the Vulnerable Software and Affected Versions: spatie/browsershot versions prior to 5.0.5 Description: The issue is related to improper input validation in the setHtml function, which can be bypassed by omitting slashes in the file URI, such as file:../../../../etc/passwd. This is due to...

Improper Input Validation

Overview spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the fil...