cbcvebase.

pontedilana/php-weasyprint vulnerabilities

5 known vulnerabilities affecting pontedilana/php-weasyprint.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2023-28115 | P2 | CRITICAL | CVSS 9.8 | fixed in 2.6.0 | 2023-03-17
CVE-2023-28115 [CRITICAL] CWE-502: Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// pr
Sources: nvd
CVE-2026-49286 | P3 | CRITICAL | CVSS 9.8 | affected ≥ 0, < 2.6.0 | 2026-06-26
CVE-2026-49286 [CRITICAL] CWE-502: PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)
Summary: `pontedilana/php-weasyprint` guarded the output filename against the `phar://` stream wrapper with a case-sensitive blacklist:
```php
if (0 === \strpos($filename, 'phar://')) {
    throw new \InvalidArgumentException('The output file c
```
Sources: ghsa
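The two PHAR entries above describe the same sink (`file_exists()` on an attacker-influenced output name) and the same weak guard (a lowercase `phar://` prefix match). The following is an added example, not code from pontedilana/php-weasyprint or its advisories: it puts that prefix check next to a guard that treats the scheme the way PHP's stream layer does (PHP lower-cases an unrecognised scheme and looks it up again, so `PHAR://` selects the phar wrapper) and rejects any `scheme://` prefix before the name reaches `file_exists()`. The candidate file names and the helper names are constructed for the demo.

```php
<?php
// Added example, not code from pontedilana/php-weasyprint: the case-sensitive
// prefix check quoted in the advisory next to a scheme-agnostic guard.
declare(strict_types=1);

/** The weak guard: only a lowercase 'phar://' prefix is rejected. */
function weakRejectsWrapper(string $filename): bool
{
    return 0 === \strpos($filename, 'phar://');
}

/**
 * Hardened guard: any "scheme://" prefix is a stream wrapper as far as PHP is
 * concerned, and wrapper lookup is case-insensitive (PHAR:// and Phar:// both
 * reach the phar wrapper). An output path never legitimately carries a scheme,
 * so reject every scheme instead of maintaining a blacklist of bad ones.
 */
function hardenedRejectsWrapper(string $filename): bool
{
    return 1 === \preg_match('~^[a-z][a-z0-9+.\-]*://~i', $filename);
}

/** The sink, guarded: file_exists() is only reached by plain paths. */
function safeOutputExists(string $filename): bool
{
    if (hardenedRejectsWrapper($filename)) {
        throw new \InvalidArgumentException('The output file name must not use a stream wrapper');
    }
    return \file_exists($filename);
}

// Constructed candidate names (assumed, for the demo). The upper- and
// mixed-case variants pass the weak guard but still select the phar wrapper.
$candidates = [
    '/tmp/report.pdf',
    'phar:///var/www/uploads/avatar.jpg/x',
    'PHAR:///var/www/uploads/avatar.jpg/x',
    'Phar:///var/www/uploads/avatar.jpg/x',
    'compress.zlib:///var/www/uploads/avatar.jpg',
];

foreach ($candidates as $name) {
    \printf("%-45s weak=%-5s hardened=%s\n", $name,
        weakRejectsWrapper($name) ? 'block' : 'pass',
        hardenedRejectsWrapper($name) ? 'block' : 'pass');
}

try {
    safeOutputExists('PHAR:///var/www/uploads/avatar.jpg/x');
} catch (\InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Rejecting every scheme is deliberately broader than the fix a library might ship: it also refuses `file://`, which an output path does not need, and it closes the other wrappers (`php://`, `compress.zlib://`, `data://`) that a blacklist built around `phar://` never considered.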
CVE-2026-49260 | P3 | HIGH | CVSS 8.2 | fixed in 2.5.1 | 2026-06-19
CVE-2026-49260 [HIGH] CWE-78: PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for WeasyPrint by passing the binary path through `escapeshellarg()` first and then checking the *quoted* result with `is_executable()`. On POSIX `escapeshellarg('/usr/local/bin/weasyprint')` re
Sources: ghsa, nvd
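The ordering point in the entry above is easy to confirm locally: on POSIX `escapeshellarg()` wraps its argument in single quotes, so `is_executable()` on the quoted string asks about a file whose name literally starts with `'`. The block below is an added illustration, not the project's command builder: it shows the check failing for a binary that certainly exists (`/bin/sh`), then a builder that validates the raw, resolved path first and quotes only when the command line is assembled. The function names and argument list are assumptions for the demo.

```php
<?php
// Added example, not pontedilana/php-weasyprint code: validate-then-quote
// ordering for an external binary and its arguments.
declare(strict_types=1);

/** The broken order: the quotes added by escapeshellarg() become part of the path. */
function quotedPathIsExecutable(string $binary): bool
{
    $quoted = \escapeshellarg($binary);   // "'/bin/sh'" including the single quotes
    return \is_executable($quoted);       // asks about a file literally named '/bin/sh'
}

/**
 * Hardened builder: resolve and validate the configured path while it is still
 * a real path, then quote every part of the command line. $args is assumed to
 * be validated by the caller; the builder only makes sure nothing in it can
 * break out of its argument position.
 */
function buildCommand(string $binary, array $args): string
{
    $real = \realpath($binary);
    if ($real === false || !\is_file($real) || !\is_executable($real)) {
        throw new \RuntimeException(\sprintf('Binary "%s" is not an executable file', $binary));
    }
    $parts = [\escapeshellarg($real)];
    foreach ($args as $arg) {
        $parts[] = \escapeshellarg((string) $arg);
    }
    return \implode(' ', $parts);
}

// /bin/sh exists on every POSIX host, yet the quoted form never passes the check.
$bin = '/bin/sh';
\printf("escapeshellarg(%s)   = %s\n", $bin, \escapeshellarg($bin));
\printf("is_executable(quoted) = %s\n", quotedPathIsExecutable($bin) ? 'true' : 'false');
\printf("is_executable(raw)    = %s\n", \is_executable($bin) ? 'true' : 'false');

// Shell metacharacters in arguments stay inert once each argument is quoted.
echo buildCommand($bin, ['-c', 'echo $(id); rm -rf /']), "\n";

// A configured path that does not resolve to an executable is refused up front
// instead of being handed to the shell.
try {
    buildCommand('/usr/local/bin/does-not-exist', []);
} catch (\RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

The same ordering applies to any pre-flight check on a path (`is_file()`, `file_exists()`, `realpath()`): run it on the value you intend to execute, not on its shell-escaped form, and keep the escaped form only for the command string.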
CVE-2026-49359 | P3 | MEDIUM | CVSS 6.5 | fixed in 2.6.0 | 2026-06-19
CVE-2026-49359 [MEDIUM] CWE-918: PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the content of option values server-side via `file_get_contents()` when the value looks like a URL, without restricting the URL scheme. The `attachment` option of `Pdf` is the reachable sink: any value that p
Sources: ghsa, nvd
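The SSRF entry above turns on one decision: a value that "looks like a URL" is handed to `file_get_contents()` with whatever scheme it carries, so `file://`, `php://` and requests to internal addresses are all reachable through the `attachment` option. The block below is an added example, not the library's loader: it keeps the same "looks like a URL" trigger but only lets through `http(s)` URLs whose host is on an explicit allow-list, and refuses URL credentials and loopback, link-local and private IP literals. The allow-list, the candidate values and the helper names are constructed for the demo.

```php
<?php
// Added example, not pontedilana/php-weasyprint code: a fetch policy for option
// values that carry a URL scheme, applied before file_get_contents() is called.
declare(strict_types=1);

/** The trigger the advisory describes: anything with a scheme would be fetched. */
function looksLikeUrl(string $value): bool
{
    return 1 === \preg_match('~^[a-z][a-z0-9+.\-]*://~i', $value);
}

/**
 * Returns the URL if it may be fetched server-side, otherwise throws.
 * $allowedHosts is an assumed deployment setting; hosts are compared by name,
 * not resolved, so this does not by itself stop DNS rebinding.
 */
function validateRemoteSource(string $value, array $allowedHosts): string
{
    $parts  = \parse_url($value) ?: [];
    $scheme = \strtolower((string) ($parts['scheme'] ?? ''));
    if (!\in_array($scheme, ['http', 'https'], true)) {
        throw new \InvalidArgumentException("Scheme not allowed: '$scheme'");
    }
    if (empty($parts['host'])) {
        throw new \InvalidArgumentException('URL has no host');
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        throw new \InvalidArgumentException('Credentials in URL are not allowed');
    }
    $host = \strtolower(\trim($parts['host'], '[]'));
    // Refuse IP literals in loopback, link-local (169.254.0.0/16), private or
    // reserved ranges; FILTER_FLAG_NO_RES_RANGE covers 127.0.0.0/8 and ::1.
    if (\filter_var($host, FILTER_VALIDATE_IP) !== false
        && \filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
        throw new \InvalidArgumentException("IP literal not allowed: $host");
    }
    if (!\in_array($host, \array_map('strtolower', $allowedHosts), true)) {
        throw new \InvalidArgumentException("Host not on allow-list: $host");
    }
    return $value;
}

$allowed = ['cdn.example.com']; // assumed deployment allow-list
$values  = [                    // constructed option values
    '/var/www/attachments/terms.pdf',
    'https://cdn.example.com/terms.pdf',
    'file:///etc/passwd',
    'php://filter/convert.base64-encode/resource=/etc/passwd',
    'http://169.254.169.254/latest/meta-data/',
    'http://127.0.0.1:8080/admin',
    'https://user@cdn.example.com/terms.pdf',
    'https://internal.example.net/secret',
];

foreach ($values as $v) {
    if (!looksLikeUrl($v)) {
        \printf("%-58s local path, not fetched\n", $v);
        continue;
    }
    try {
        validateRemoteSource($v, $allowed);
        $verdict = 'fetch allowed';
    } catch (\InvalidArgumentException $e) {
        $verdict = 'denied: ' . $e->getMessage();
    }
    \printf("%-58s %s\n", $v, $verdict);
}
```

Two caveats a practitioner would add around this check: the `http` wrapper behind `file_get_contents()` follows `Location` redirects by default, so an allowed host can redirect to an internal one unless `follow_location` is disabled in the stream context; and an allow-listed name still has to resolve to an address you trust at fetch time, which is a resolver-level control rather than a string check.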
CVE-2026-49358 | P4 | LOW | CVSS 3.0 | fixed in 2.6.0 | 2026-06-19
CVE-2026-49358 [LOW] CWE-73: PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is a public array, and `removeTemporaryFiles()` — invoked from `__destruct()` and from a registered shutdown function — calls `unlink()` on every entry without verifying that the path is contained within the temp
Sources: ghsa, nvd
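The entry above combines two weaknesses: a list of paths that anyone holding the object can append to, and a cleanup routine that unlinks every entry unconditionally from `__destruct()` and a shutdown function. The block below is an added example, not the library's `AbstractGenerator`: it keeps the list private and makes the cleanup unlink only entries that resolve (after `realpath()`, so symlinks and `..` are followed) to a regular file inside the generator's own temp directory. The temp directory, the "victim" file outside it and the class name are constructed for the demo, and the demo removes what it creates.

```php
<?php
// Added example, not pontedilana/php-weasyprint code: containment-checked
// temporary-file cleanup with an auditable result.
declare(strict_types=1);

final class TempFileCleaner
{
    /** @var string[] */
    private array $temporaryFiles = [];
    private string $tempDir;

    public function __construct(string $tempDir)
    {
        $this->tempDir = $tempDir;
    }

    public function register(string $path): void
    {
        $this->temporaryFiles[] = $path;
    }

    /** Returns ['removed' => [...], 'skipped' => [...]] so callers can audit it. */
    public function removeTemporaryFiles(): array
    {
        $base = \realpath($this->tempDir);
        if ($base === false) {
            return ['removed' => [], 'skipped' => $this->temporaryFiles];
        }
        $removed = $skipped = [];
        foreach ($this->temporaryFiles as $file) {
            $real = \realpath($file);
            // realpath() resolves symlinks and '..', so the containment test runs
            // on the file that unlink() would actually touch.
            if ($real === false
                || !\is_file($real)
                || \strncmp($real, $base . DIRECTORY_SEPARATOR, \strlen($base) + 1) !== 0) {
                $skipped[] = $file;
                continue;
            }
            if (@\unlink($real)) {
                $removed[] = $real;
            }
        }
        $this->temporaryFiles = [];
        return ['removed' => $removed, 'skipped' => $skipped];
    }
}

// Demo layout (constructed): a dedicated temp dir and a file outside it.
$tmp = \sys_get_temp_dir() . '/weasy-demo-' . \bin2hex(\random_bytes(4));
\mkdir($tmp, 0700, true);
$inside  = $tmp . '/page.html';
$outside = \sys_get_temp_dir() . '/important-' . \bin2hex(\random_bytes(4)) . '.txt';
\file_put_contents($inside, '<p>hi</p>');
\file_put_contents($outside, 'must survive');
\symlink($outside, $tmp . '/link-to-outside');

$cleaner = new TempFileCleaner($tmp);
$cleaner->register($inside);                              // legitimate entry
$cleaner->register($outside);                             // injected absolute path
$cleaner->register($tmp . '/../' . \basename($outside));  // traversal out of the dir
$cleaner->register($tmp . '/link-to-outside');            // symlink pointing outside

$result = $cleaner->removeTemporaryFiles();
\printf("removed: %s\nskipped: %s\noutside file still exists: %s\n",
    \implode(', ', $result['removed']),
    \implode(', ', $result['skipped']),
    \file_exists($outside) ? 'yes' : 'no');

// Tidy up the demo artefacts (the symlink was skipped, so it is still there).
\unlink($outside);
\unlink($tmp . '/link-to-outside');
\rmdir($tmp);
```

The `DIRECTORY_SEPARATOR` appended to the base before the prefix comparison matters: without it, a sibling directory such as `/tmp/weasy-demo-abcd-evil/` would pass a plain `strncmp` against `/tmp/weasy-demo-abcd`. Because the cleanup can run from a shutdown function, the method also never throws; it reports skipped entries instead so a caller can log them.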