Stirling-PDF (stirlingpdf/stirling_pdf) vulnerabilities
6 known vulnerabilities affecting stirlingpdf/stirling_pdf.
Total CVEs: 6
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2025-55161 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | fixed in 1.1.0 | 2025-08-11
CWE-918
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This
Source: nvd
CVE-2025-55150 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 1.1.0 | 2025-08-11
CWE-918
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue h
Source: nvd
CVE-2025-55151 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.1.0 | 2025-08-11
CWE-918
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0.
Source: nvd
CVE-2025-46568 | P3 | HIGH | CVSS 7.5 | fixed in 0.45.0 | 2025-05-01
CWE-918
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside allow the attachment of content
Source: nvd
CVE-2026-33436 | P4 | MEDIUM | CVSS 6.1 | fixed in 2.0.0 | 2026-04-17
CWE-20
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a malicious filename containing JavaScript that executes in t
Source: nvd
CVE-2024-9075 | P4 | MEDIUM | CVSS 5.4 | fixed in 0.29.0 | 2024-09-21
CWE-79
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross-site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
Source: nvd