cbcvebase.

Stirlingpdf Stirling Pdf vulnerabilities

6 known vulnerabilities affecting stirlingpdf/stirling_pdf.

Total CVEs
6
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-55161P1CRITICALCVSS 9.8ExploitedPoCfixed in 1.1.02025-08-11
CVE-2025-55161 [CRITICAL] CWE-918 CVE-2025-55161: Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prio Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This
nvd
CVE-2025-55150P2CRITICALCVSS 9.8PoCfixed in 1.1.02025-08-11
CVE-2025-55150 [CRITICAL] CWE-918 CVE-2025-55150: Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prio Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue h
nvd
CVE-2025-55151P3CRITICALCVSS 9.8fixed in 1.1.02025-08-11
CVE-2025-55151 [CRITICAL] CWE-918 CVE-2025-55151: Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prio Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0.
nvd
CVE-2025-46568P3HIGHCVSS 7.5fixed in 0.45.02025-05-01
CVE-2025-46568 [HIGH] CWE-918 CVE-2025-46568: Stirling-PDF is a locally hosted web application that allows you to perform various operations on PD Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content
nvd
CVE-2026-33436P4MEDIUMCVSS 6.1fixed in 2.0.02026-04-17
CVE-2026-33436 [MEDIUM] CWE-20 CVE-2026-33436: Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. I Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a malicious filename containing JavaScript that executes in t
nvd
CVE-2024-9075P4MEDIUMCVSS 5.4fixed in 0.29.02024-09-21
CVE-2024-9075 [MEDIUM] CWE-79 CVE-2024-9075: A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as probl A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
nvd
Stirlingpdf Stirling Pdf vulnerabilities | cvebase